Evidence: Parallels Logs
Description: Collect Parallels Logs
Category: Applications
Platform: macos
Short Name: prllgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Parallels Desktop is a virtualization solution for macOS that runs Windows and other operating systems. It maintains logs of VM operations, errors, crashes, and problem reports in both user-specific and system-wide locations.
Data Collected
This collector gathers structured data about Parallels logs.
Collection Method
This collector gathers Parallels logs from user Library directories (parallels.log and Problem Reports) and system-wide Library logs, capturing VM activities and diagnostic information.
Forensic Value
Parallels logs are valuable for investigating VM-based attacks, malware analysis environments, data exfiltration through VMs, and understanding virtualized system activities. They reveal VM usage patterns, guest OS activities, and potential abuse of virtualization for evasion.