Installed Applications
Overview
Evidence: Installed Applications Description: Collect info on installed apps Category: System Platform: macOS Short Name: apps Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
This collector gathers installed applications information from the macOS system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.## Data Collected
This collector gathers structured data about installed applications.
Installed Apps Data
ID
Primary key (auto-increment)
1
DisplayName
Application display name
Safari
AppName
Application name
Safari.app
Path
Application path
/Applications/Safari.app
Environment
Environment
production
Element
Element
application
BundleExecutable
Bundle executable
Safari
BundleIdentifier
Bundle identifier
com.apple.Safari
BundleName
Bundle name
Safari
BundleVersion
Bundle version
16.0
LastChangeTime
Last change time
2023-10-15 14:30:25
AccessTime
Access time
2023-10-15 14:30:25
ModificationTime
Modification time
2023-10-15 14:30:25
LastOpenedTime
Last opened time
2023-10-15 14:30:25
Hash
Application hash
a1b2c3d4e5f6...
SizeInBytes
Size in bytes
10485760
DisableLibraryValidation
Disable library validation
false
DyldEnvVariables
DYLD environment variables
false
SignatureInfo
Code signature information
TeamIdentifier: ABCD123456
DynamicLibraries
Dynamic libraries
libSystem.B.dylib, libobjc.A.dylib
Collection Method
This collector parses the necessary data from the installed_applications
table.
Usage
This evidence is crucial for forensic investigations as it provides installed applications information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess system security posture.
Notes
This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
Last updated
Was this helpful?