# Notification Info

## Overview

**Evidence:** Notification Info\
**Description:** Collect Notification Info\
**Category:** System\
**Platform:** macos\
**Short Name:** ntfc\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Notification usage events from KnowledgeC record app notifications and durations. This data is essential for reconstructing user engagement and identifying suspicious or noisy apps.

## Data Collected

This collector gathers structured data about notification info.

## Collection Method

This collector reads KnowledgeC databases and runs a notification usage query, saving results into `notification_info`.

## Forensic Value

This evidence is crucial for forensic investigations as it ties notifications to apps and timelines, aiding behavior analysis and correlation.