Launchd Files
Overview
Evidence: Launchd Files Description: Collect all launchd plist files from system directories Category: System Platform: macOS Short Name: lnchdf Is Parsed: No Sent to Investigation Hub: Yes Collect File(s): No
Background
This collector gathers launchd files information from the macOS system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.## Data Collected
This collector gathers structured data about launchd files.
Launchd Files Data
ID
Primary key (auto-increment)
1
FilePath
Full file path
/System/Library/LaunchAgents/com.apple.Safari.plist
FileName
File name
com.apple.Safari.plist
FileSize
File size in bytes
1024
FileMode
File permissions
644
IsDir
Whether it's a directory
false
DirectoryType
Directory type (System/Library/User)
System
AccessTime
File access time
2023-10-15 14:30:25
ModificationTime
File modification time
2023-10-15 14:30:25
CreationTime
File creation time
2023-10-15 14:30:25
Collection Method
This collector parses the necessary data from the launchd_files
table.
Usage
This evidence is crucial for forensic investigations as it provides launchd files information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess system security posture.
Notes
This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
Last updated
Was this helpful?