Evidence: Notification Info
Description: Collect Notification Info
Category: System
Platform: macos
Short Name: ntfc
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Notification usage events from KnowledgeC record app notifications and durations. This data is essential for reconstructing user engagement and identifying suspicious or noisy apps.
Data Collected
This collector gathers structured notification usage data.
Collection Method
This collector reads the KnowledgeC databases and runs a notification usage query, saving the results into notification_info.
Forensic Value
This evidence is crucial for forensic investigations because it ties notifications to apps and timelines, aiding behavior analysis and correlation.