Homebrew Logs

Overview

Evidence: Homebrew Logs Description: Collect Homebrew Logs Category: Applications Platform: macos Short Name: hmbwl Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Homebrew is a popular package manager for macOS that logs all package installations, updates, and operations. These logs track what software was installed via Homebrew, when, and any errors encountered during package management.

Data Collected

This collector gathers structured data about homebrew logs.

Collection Method

This collector gathers all Homebrew log files from user-specific Library/Logs/Homebrew directories, which contain detailed package management activity including installations, updates, and configurations.

Forensic Value

Homebrew logs are essential for tracking software installations, identifying unauthorized tool deployments, understanding attacker tool setup, and investigating system modifications. They reveal what hacking tools, utilities, or malicious packages were installed.