Installed Applications

Overview

Evidence: Installed Applications Description: Collect info on installed apps Category: System Platform: macOS Short Name: apps Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers installed applications information from the macOS system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.## Data Collected

This collector gathers structured data about installed applications.

Installed Apps Data

Field
Description
Example

ID

Primary key (auto-increment)

1

DisplayName

Application display name

Safari

AppName

Application name

Safari.app

Path

Application path

/Applications/Safari.app

Environment

Environment

production

Element

Element

application

BundleExecutable

Bundle executable

Safari

BundleIdentifier

Bundle identifier

com.apple.Safari

BundleName

Bundle name

Safari

BundleVersion

Bundle version

16.0

LastChangeTime

Last change time

2023-10-15 14:30:25

AccessTime

Access time

2023-10-15 14:30:25

ModificationTime

Modification time

2023-10-15 14:30:25

LastOpenedTime

Last opened time

2023-10-15 14:30:25

Hash

Application hash

a1b2c3d4e5f6...

SizeInBytes

Size in bytes

10485760

DisableLibraryValidation

Disable library validation

false

DyldEnvVariables

DYLD environment variables

false

SignatureInfo

Code signature information

TeamIdentifier: ABCD123456

DynamicLibraries

Dynamic libraries

libSystem.B.dylib, libobjc.A.dylib

Collection Method

This collector parses the necessary data from the installed_applications table.

Usage

This evidence is crucial for forensic investigations as it provides installed applications information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess system security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

Last updated

Was this helpful?