Software Update Information

Overview

Evidence: Software Update Information Description: Collects software update information Category: System Platform: macos Short Name: swinfo Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Software update preferences record last successful updates and recommended updates. This data is essential for verifying patch status and detecting outdated or vulnerable systems.

Data Collected

This collector gathers structured data about software update information.

Collection Method

This collector copies and parses /Library/Preferences/com.apple.SoftwareUpdate.plist and records fields into software_update_information.

Forensic Value

This evidence is crucial for forensic investigations as it reveals update timelines and failures, helping assess exposure windows and compliance.