Evidence: Install Logs
Description: Collect Install Logs
Category: System
Platform: macos
Short Name: instl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
macOS install logs record software installation activities, including package installations, updates, and application deployments. These logs track what software was installed, when, and by whom.
Data Collected
This collector gathers structured data about install logs.
Collection Method
This collector gathers installation log files from /var/log/install*, which contain records of all software installations and updates performed on the system.
Forensic Value
Install logs are valuable for tracking unauthorized software installations, understanding system configuration changes, identifying malicious software deployment, and establishing timelines of system modifications.
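Because the collected files are not parsed, an analyst has to extract the installation timeline from the raw text. The following is an added example, not part of this collector or its vendor's code, that builds a UTC-sorted list of completed package installs. It assumes the common install.log line layout (timestamp with short UTC offset, host, process[pid], message) and an `Installed "name" (version)` message; the sample lines and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumed line layout: "YYYY-MM-DD HH:MM:SS+TZ host process[pid]: message"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})(?P<tz>[+-]\d{2}(?:\d{2})?) '
    r'(?P<host>\S+) (?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$'
)
# Assumed message written when a package install completes.
INSTALLED_RE = re.compile(r'Installed "(?P<name>[^"]+)" \((?P<version>[^)]*)\)')

# Constructed sample lines (not taken from a real system).
SAMPLE = [
    '2024-03-02 09:14:07-08 test-mac installd[612]: PackageKit: ----- Begin install -----',
    '2024-03-02 09:14:31-08 test-mac installd[612]: Installed "ExampleTool" (1.4.2)',
    '\tcontinuation text without a timestamp',
    '2024-03-01 22:05:50+01 test-mac installd[344]: Installed "SampleAgent" (0.9)',
]

def parse_line(line):
    """Return a record for a timestamped line, or None for continuation lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # strptime's %z needs hours and minutes, so pad "-08" to "-0800".
    tz = m["tz"] if len(m["tz"]) == 5 else m["tz"] + "00"
    when = datetime.strptime(m["ts"] + tz, "%Y-%m-%d %H:%M:%S%z")
    return {"utc": when.astimezone(timezone.utc), "host": m["host"],
            "proc": m["proc"], "pid": m["pid"], "msg": m["msg"]}

def install_timeline(lines):
    """Return (utc_time, process, package, version) tuples sorted by UTC time."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hit = INSTALLED_RE.search(rec["msg"])
        if hit:
            events.append((rec["utc"], rec["proc"], hit["name"], hit["version"]))
    return sorted(events)

if __name__ == "__main__":
    for when, proc, name, version in install_timeline(SAMPLE):
        print(when.isoformat(), proc, name, version)
```

Normalizing to UTC matters when the host changed time zones between entries, since the raw file order then no longer matches the true order of events.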