Notification Info

Overview

Evidence: Notification Info Description: Collect Notification Info Category: System Platform: macos Short Name: ntfc Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Notification usage events from KnowledgeC record app notifications and durations. This data is essential for reconstructing user engagement and identifying suspicious or noisy apps.

Data Collected

This collector gathers structured data about notification info.

Collection Method

This collector reads KnowledgeC databases and runs a notification usage query, saving results into notification_info.

Forensic Value

This evidence is crucial for forensic investigations as it ties notifications to apps and timelines, aiding behavior analysis and correlation.