Mount

Overview

Evidence: Mount
Description: Collects the list of mounted filesystems.
Category: DiskFilesystem
Platform: macos
Short Name: mnt
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers mount information from the macOS system. This data is essential for understanding storage configuration, detecting unauthorized mounts, and investigating storage-related incidents.

Data Collected

This collector gathers structured data about each mounted filesystem.

Mount Data

Field | Description | Example
ID | ID | 123
Device | Device | Example value
MountPoint | Mount Point | Example value
FileSystem | File System | Example value
Options | Options | Example value

Collection Method

This collector invokes the mount command and parses its output to record entries in the mount table.
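The parsing step described above, as an added example (not the collector's own code): it splits macOS `mount` output into the fields listed under Mount Data and keeps unparsed lines for review. The sequential ID, the choice to leave the filesystem type out of Options, the `NETWORK_FS` set and the sample lines are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# macOS `mount` line shape: <device> on <mount point> (<fstype>, <option>, ...)
# Device and mount point may both contain spaces, so anchor on " on " and the
# trailing parenthesised list rather than splitting on whitespace.
LINE_RE = re.compile(r"^(?P<device>.+?) on (?P<mountpoint>.+) \((?P<opts>[^()]*)\)$")

# Assumption: filesystem types treated as remote when triaging the table.
NETWORK_FS = {"smbfs", "nfs", "afpfs", "webdav"}

@dataclass
class MountEntry:
    ID: int          # assumption: sequential row number
    Device: str
    MountPoint: str
    FileSystem: str
    Options: str     # assumption: remaining flags, without the fs type

def parse_mount_output(text):
    """Return (entries, skipped); skipped holds lines that did not parse."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(raw)  # keep for review instead of dropping silently
            continue
        fstype, *flags = [p.strip() for p in m["opts"].split(",")]
        entries.append(MountEntry(len(entries) + 1, m["device"],
                                  m["mountpoint"], fstype, ", ".join(flags)))
    return entries, skipped

def network_mounts(entries):
    """Entries backed by a remote filesystem, a common first triage filter."""
    return [e for e in entries if e.FileSystem in NETWORK_FS]

# Constructed sample output, not taken from a real host.
SAMPLE = """
/dev/disk3s1s1 on / (apfs, sealed, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
map auto_home on /System/Volumes/Data/home (autofs, automounted, nobrowse)
/dev/disk5s1 on /Volumes/Backup Drive (exfat, local, nodev, nosuid, noowners)
//analyst@fileserver.example/share on /Volumes/share (smbfs, nodev, nosuid, mounted by analyst)
this line is not a mount entry
"""
```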

Forensic Value

This evidence is crucial for forensic investigations as it provides visibility into mounted devices, file systems, and options that may reveal persistence or data exfiltration paths.
