Dock Items

Overview

Evidence: Dock Items Description: Collect Dock Items Category: System Platform: macos Short Name: dckitms Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Dock preferences record persistent apps, folders, and recent items displayed in the macOS Dock. This data is essential for understanding user activity and potential persistence via Dock items.

Data Collected

This collector gathers structured data about dock items.

Dock Items Data

Field

Description

Example

GUID

GUID

123

User

User

Example value

FileLabel

File Label

Example value

ParentModified

Parent Modified

2023-10-15 14:30:25+03:00

FileModified

File Modified

2023-10-15 14:30:25+03:00

RecentlyUsed

Recently Used

true

FileType

File Type

123

FileTypeName

File Type Name

Example value

FilePath

File Path

Example value

Source

Source

Example value

Collection Method

This collector reads users' com.apple.dock.plist files, decodes entries, and records items into the dock_items table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals recently used and pinned applications, supporting timeline and behavior analysis.

PreviousDNS Resolvers NextDocker Changes

Last updated 4 days ago

Was this helpful?