Printer Info

Overview

Evidence: Printer Info Description: Collect printer info Category: System Platform: macos Short Name: prnt Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

CUPS destinations and options describe configured printers on macOS. This data is essential for understanding printing infrastructure and potential exfiltration channels.

Data Collected

This collector gathers structured data about printer info.

Printer Info Data

Field

Description

Example

Name

Name

Example value

OptionName

Option Name

Example value

OptionValue

Option Value

Example value

Collection Method

This collector queries the cups_destinations table via osquery and records results into printer_info.

Forensic Value

This evidence is crucial for forensic investigations as it identifies available printers and configurations relevant to data leakage scenarios.

PreviousPrint Jobs NextProcesses

Last updated 3 days ago

Was this helpful?