Evidence: Users
Description: Collect Users
Category: System
Platform: macos
Short Name: users
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
User account information provides details about local accounts on macOS, including group memberships and account properties. This data is essential for understanding system access and detecting unauthorized accounts.
Data Collected
This collector gathers structured data about users.
Users Data
| Field | Description | Example |
|-------|-------------|---------|
| UserId | User Id | 123 |
| Name | Name | Example value |
| GroupId | Group Id | 123 |
| GroupName | Group Name | Example value |
| Description | Description | Example value |
| Directory | Directory | Example value |
| Shell | Shell | Example value |
Collection Method
This collector queries osquery's users table joined with the groups table and records the results in the users table.
Forensic Value
This evidence is crucial for forensic investigations as it helps identify suspicious or unauthorized accounts, detect privilege escalation, and audit user management for policy compliance.
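One way to triage rows shaped like the Users table for the account anomalies described above, as an added example that is not the collector's or the product's own code. The function names, the heuristics (assumptions based on macOS defaults: `_`-prefixed service accounts, UIDs below 500 hidden from the login window, `admin` and `wheel` as privileged groups) and the sample rows are constructed for illustration.

```python
# Added example: triage rows that use the field names of the Users table.
# The heuristics are assumptions based on macOS defaults, not the collector's logic.
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/bin/csh", "/bin/tcsh", "/bin/ksh"}
PRIVILEGED_GROUPS = {"admin", "wheel"}

def triage_user(row):
    """Return the findings for one user row (empty list means nothing flagged)."""
    findings = []
    uid, name = int(row["UserId"]), row["Name"]
    # A second UID 0 account is a second superuser.
    if uid == 0 and name != "root":
        findings.append("uid 0 account other than root")
    # macOS service accounts start with "_" and normally have a non-login shell.
    if name.startswith("_") and row["Shell"] in INTERACTIVE_SHELLS:
        findings.append("service account with interactive shell")
    # UIDs below 500 are hidden from the login window; a home under /Users is unusual.
    if 0 < uid < 500 and row["Directory"].startswith("/Users/"):
        findings.append("hidden-range uid with home under /Users")
    # Group rows that grant administrative rights deserve a review.
    if row["GroupName"] in PRIVILEGED_GROUPS and name != "root":
        findings.append("member of privileged group " + row["GroupName"])
    return findings

def triage(rows):
    """Map account name to its findings; a user may appear once per joined group row."""
    report = {}
    for row in rows:
        for finding in triage_user(row):
            seen = report.setdefault(row["Name"], [])
            if finding not in seen:
                seen.append(finding)
    return report

# Constructed sample rows (not real collector output).
def _row(uid, name, gid, group, desc, home, shell):
    return {"UserId": uid, "Name": name, "GroupId": gid, "GroupName": group,
            "Description": desc, "Directory": home, "Shell": shell}

SAMPLE_ROWS = [
    _row("0", "root", "0", "wheel", "System Administrator", "/var/root", "/bin/sh"),
    _row("501", "alice", "20", "staff", "Alice", "/Users/alice", "/bin/zsh"),
    _row("70", "_www", "70", "_www", "World Wide Web Server", "/Library/WebServer", "/usr/bin/false"),
    _row("401", "support", "80", "admin", "Support", "/Users/support", "/bin/zsh"),
    _row("0", "toor", "0", "wheel", "", "/var/root", "/bin/bash"),
    _row("260", "_svcsync", "260", "_svcsync", "Sync", "/var/empty", "/bin/bash"),
]

if __name__ == "__main__":
    for account, findings in triage(SAMPLE_ROWS).items():
        print(account, "->", "; ".join(findings))
```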