Evidence: Software Update Information
Description: Collects software update information
Category: System
Platform: macos
Short Name: swinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Software update preferences record last successful updates and recommended updates. This data is essential for verifying patch status and detecting outdated or vulnerable systems.
Data Collected
This collector gathers structured data about software updates.
Collection Method
This collector copies and parses /Library/Preferences/com.apple.SoftwareUpdate.plist and records fields into software_update_information.
Forensic Value
This evidence is crucial for forensic investigations as it reveals update timelines and failures, helping assess exposure windows and compliance.
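The following is an added example, not the collector's own code: it parses a copy of the plist named under Collection Method and derives the exposure indicators described under Forensic Value. The key names are ones commonly seen in this plist and are assumptions here, as are the output record layout and the 30-day staleness threshold.

```python
import plistlib
from datetime import datetime, timezone

# Keys commonly seen in com.apple.SoftwareUpdate.plist (an assumption here;
# this page does not list the fields the collector records).
DATE_KEYS = ("LastSuccessfulDate", "LastFullSuccessfulDate")


def _utc(value):
    """plistlib yields naive datetimes expressed in UTC; make that explicit."""
    return value.replace(tzinfo=timezone.utc) if isinstance(value, datetime) else None


def parse_software_update(raw: bytes, now: datetime, max_age_days: int = 30) -> dict:
    """Parse plist bytes (XML or binary) into a flat triage record."""
    try:
        prefs = plistlib.loads(raw)
    except Exception as exc:  # truncated or corrupt copy: report, do not crash
        return {"error": f"unparseable plist: {exc}"}
    if not isinstance(prefs, dict):
        return {"error": "unexpected plist root type"}

    record = {"auto_check": prefs.get("AutomaticCheckEnabled"), "pending": []}
    for key in DATE_KEYS:
        stamp = _utc(prefs.get(key))
        record[key] = stamp.isoformat() if stamp else None
    updates = prefs.get("RecommendedUpdates")
    for item in updates if isinstance(updates, list) else []:
        if isinstance(item, dict):  # skip malformed entries
            record["pending"].append((item.get("Display Name"), item.get("Display Version")))
    last = _utc(prefs.get("LastSuccessfulDate"))
    # A host with no recorded successful check is treated as stale.
    record["days_since_success"] = (now - last).days if last else None
    record["stale"] = last is None or (now - last).days > max_age_days
    return record


# Constructed sample input, not taken from a real host.
SAMPLE = plistlib.dumps({
    "AutomaticCheckEnabled": True,
    "LastSuccessfulDate": datetime(2024, 1, 10, 8, 30, 0),
    "RecommendedUpdates": [{"Display Name": "macOS Sonoma", "Display Version": "14.3"}],
})
```

Pass `now` as a timezone-aware UTC datetime; for a dead-box image, use the acquisition time rather than the analyst's clock so the age reflects the host's state at collection.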