Evidence: IP Routes
Description: Collect IP Routes
Category: Network
Platform: macos
Short Name: iprts
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
macOS routing table entries reveal how the system forwards traffic. This data is essential for understanding network topology and default gateways, and for investigating potential traffic redirection.
Data Collected
This collector gathers structured data about IP routes.
Collection Method
This collector queries the routes table via osquery and records results into the ip_routes table.
Forensic Value
This evidence is crucial for forensic investigations as it helps detect malicious routing changes, misconfigurations, and suspicious gateways.
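An added triage example, not part of this collector's own code: it reads routes in the JSON shape `osqueryi --json "SELECT ... FROM routes"` emits on macOS and flags the conditions named above (extra default routes, a default gateway that is not on a directly connected network, host routes steered through a non-default gateway). Column names follow osquery's `routes` table; the sample rows and the finding labels are constructed.

```python
import ipaddress
import json

# Constructed sample (not a real capture): rows in the form osqueryi --json returns
# for SELECT destination, netmask, gateway, interface, type FROM routes on macOS.
SAMPLE_ROUTES_JSON = json.dumps([
    {"destination": "0.0.0.0", "netmask": "0", "gateway": "192.168.1.1", "interface": "en0", "type": "gateway"},
    {"destination": "192.168.1.0", "netmask": "24", "gateway": "link#6", "interface": "en0", "type": "local"},
    {"destination": "127.0.0.1", "netmask": "32", "gateway": "127.0.0.1", "interface": "lo0", "type": "local"},
    # Second default route whose gateway is on no connected network of its interface.
    {"destination": "0.0.0.0", "netmask": "0", "gateway": "10.0.0.1", "interface": "utun3", "type": "gateway"},
    # Host route steering one destination through a gateway other than the defaults.
    {"destination": "203.0.113.10", "netmask": "32", "gateway": "192.168.1.254", "interface": "en0", "type": "gateway"},
])

def load_routes(raw_json):
    return json.loads(raw_json)

def as_ip(value):
    """Return an ip_address, or None for link entries such as 'link#6'."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def triage_routes(rows):
    """Return (finding, route) pairs for entries an analyst should review."""
    findings = []
    # Directly connected networks per interface: rows whose gateway is a link, not an IP.
    connected = {}
    for r in rows:
        if as_ip(r["gateway"]) is None:
            net = ipaddress.ip_network(f'{r["destination"]}/{r["netmask"]}', strict=False)
            connected.setdefault(r["interface"], []).append(net)
    defaults = [r for r in rows if int(r["netmask"]) == 0]
    default_gws = {r["gateway"] for r in defaults}
    for r in defaults:
        if len(defaults) > 1:
            findings.append(("multiple default routes", r))
        gw = as_ip(r["gateway"])
        if gw is not None and not any(gw in n for n in connected.get(r["interface"], [])):
            findings.append(("off-link default gateway", r))
    for r in rows:
        dst, gw = as_ip(r["destination"]), as_ip(r["gateway"])
        if dst is None or gw is None or dst.is_loopback:
            continue
        # A /32 (or /128) route via a gateway that is not a default gateway pins one host's path.
        if int(r["netmask"]) == dst.max_prefixlen and r["gateway"] not in default_gws:
            findings.append(("host route via non-default gateway", r))
    return findings
```

Each finding is a lead, not a verdict: VPN clients legitimately add a second default route, so compare against the host's expected configuration before escalating.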