Back to binalyze.com

macOS Collections

AIR supports the following macOS Evidence and Artifacts

macOS Evidence List

1

Processes

Auto Loaded Processes

Collect info on autoloaded processes

2

Processes

Processes

Collect Processes

3

Browser

Default Browser

Collect Default Browser

4

Browser

Chrome Cookies

Collect Chrome Cookies

5

Browser

Edge Cookies

Collect Edge Cookies

6

Browser

Opera Cookies

Collect Opera Cookies

7

Browser

Vivaldi Cookies

Collect Vivaldi Cookies

8

Browser

Arc Cookies

Collect Arc Cookies

9

Browser

Brave Cookies

Collect Brave Cookies

10

Browser

QQ Cookies

Collect QQ Cookies

11

Browser

Chrome Bookmarks

Collect Chrome Bookmarks

12

Browser

Edge Bookmarks

Collect Edge Bookmarks

13

Browser

Opera Bookmarks

Collect Opera Bookmarks

14

Browser

Vivaldi Bookmarks

Collect Vivaldi Bookmarks

15

Browser

Arc Bookmarks

Collect Arc Bookmarks

16

Browser

Brave Bookmarks

Collect Brave Bookmarks

17

Browser

QQ Bookmarks

Collect QQ Bookmarks

18

Browser

Chrome User Profiles

Collect Chrome User Profiles

19

Browser

Edge User Profiles

Collect Edge User Profiles

20

Browser

Opera User Profiles

Collect Opera User Profiles

21

Browser

Vivaldi User Profiles

Collect Vivaldi User Profiles

22

Browser

Arc User Profiles

Collect Arc User Profiles

23

Browser

Brave User Profiles

Collect Brave User Profiles

24

Browser

QQ User Profiles

Collect QQ User Profiles

25

Browser

Chrome Extensions

Collect Chrome Extensions

26

Browser

Edge Extensions

Collect Edge Extensions

27

Browser

Opera Extensions

Collect Opera Extensions

28

Browser

Firefox Extensions

Collect Firefox Extensions (Addons)

29

Browser

Chrome Local Storage

Collect Chrome Local Storage

30

Browser

Edge Local Storage

Collect Edge Local Storage

31

Browser

Opera Local Storage

Collect Opera Local Storage

32

Browser

Vivaldi Local Storage

Collect Vivaldi Local Storage

33

Browser

Arc Local Storage

Collect Arc Local Storage

34

Browser

Brave Local Storage

Collect Brave Local Storage

35

Browser

QQ Local Storage

Collect QQ Local Storage

36

Browser

Dump Chrome Indexed DB

Dump Chrome Indexed DB

37

Browser

Dump Edge Indexed DB

Dump Edge Indexed DB

38

Browser

Dump Opera Indexed DB

Dump Opera Indexed DB

39

Browser

Dump Vivaldi Indexed DB

Dump Vivaldi Indexed DB

40

Browser

Dump Arc Indexed DB

Dump Arc Indexed DB

41

Browser

Dump Brave Indexed DB

Dump Brave Indexed DB

42

Browser

Dump QQ Indexed DB

Dump QQ Indexed DB

43

Browser

Chrome Web Storage

Collect Chrome Web Storage

44

Browser

Edge Web Storage

Collect Edge Web Storage

45

Browser

Opera Web Storage

Collect Opera Web Storage

46

Browser

Vivaldi Web Storage

Collect Vivaldi Web Storage

47

Browser

Arc Web Storage

Collect Arc Web Storage

48

Browser

Brave Web Storage

Collect Brave Web Storage

49

Browser

QQ Web Storage

Collect QQ Web Storage

50

Browser

Chrome Form History

Collect Chrome Form History

51

Browser

Edge Form History

Collect Edge Form History

52

Browser

Opera Form History

Collect Opera Form History

53

Browser

Vivaldi Form History

Collect Vivaldi Form History

54

Browser

Arc Form History

Collect Arc Form History

55

Browser

Brave Form History

Collect Brave Form History

56

Browser

QQ Form History

Collect QQ Form History

57

Browser

Chrome Thumbnails

Collect Chrome Thumbnails

58

Browser

Edge Thumbnails

Collect Edge Thumbnails

59

Browser

Opera Thumbnails

Collect Opera Thumbnails

60

Browser

Vivaldi Thumbnails

Collect Vivaldi Thumbnails

61

Browser

Arc Thumbnails

Collect Arc Thumbnails

62

Browser

Brave Thumbnails

Collect Brave Thumbnails

63

Browser

QQ Thumbnails

Collect QQ Thumbnails

64

Browser

Chrome Favicons

Collect Chrome Favicons

65

Browser

Edge Favicons

Collect Edge Favicons

66

Browser

Opera Favicons

Collect Opera Favicons

67

Browser

Vivaldi Favicons

Collect Vivaldi Favicons

68

Browser

Arc Favicons

Collect Arc Favicons

69

Browser

Brave Favicons

Collect Brave Favicons

70

Browser

QQ Favicons

Collect QQ Favicons

71

Browser

Chrome Login Data

Collect Chrome Login Data

72

Browser

Edge Login Data

Collect Edge Login Data

73

Browser

Opera Login Data

Collect Opera Login Data

74

Browser

Vivaldi Login Data

Collect Vivaldi Login Data

75

Browser

Arc Login Data

Collect Arc Login Data

76

Browser

Brave Login Data

Collect Brave Login Data

77

Browser

QQ Login Data

Collect QQ Login Data

78

Browser

Chrome Sessions

Collect Chrome Sessions

79

Browser

Edge Sessions

Collect Edge Sessions

80

Browser

Opera Sessions

Collect Opera Sessions

81

Browser

Vivaldi Sessions

Collect Vivaldi Sessions

82

Browser

Arc Sessions

Collect Arc Sessions

83

Browser

Brave Sessions

Collect Brave Sessions

84

Browser

QQ Sessions

Collect QQ Sessions

85

Browser

Chrome Browsing History

Collect visited URLs from Google Chrome

86

Browser

Edge Browsing History

Collect visited URLs from Microsoft Edge

87

Browser

Firefox Browsing History

Collect visited URLs from Mozilla Firefox

88

Browser

Opera Browsing History

Collect visited URLs from Opera

89

Browser

Safari Browsing History

Collect visited URLs from Safari

90

Browser

Vivaldi Browsing History

Collect visited URLs from Vivaldi

91

Browser

Waterfox Browsing History

Collect visited URLs from Waterfox

92

Browser

Brave Browsing History

Collect visited URLs from Brave

93

Browser

Arc Browsing History

Collect visited URLs from Arc

94

Browser

QQ Browsing History

Collect Visited URLs from QQ

95

Browser

Chrome Downloads

Collect Chrome Downloads

96

Browser

Safari Downloads

Collect Safari Downloads

97

Browser

Firefox Downloads

Collect Firefox Downloads

98

Browser

Edge Downloads

Collect Edge Downloads

99

Browser

Opera Downloads

Collect Opera Downloads

100

Browser

Vivaldi Downloads

Collect Vivaldi Downloads

101

Browser

Arc Downloads

Collect Arc Downloads

102

Browser

Brave Downloads

Collect Brave Downloads

103

Browser

Waterfox Downloads

Collect Waterfox Downloads

104

Browser

QQ Downloads

Collect QQ Downloads

105

Browser

Firefox Cookies

Collect Firefox Cookies

106

System

Crashes

Collect Crashes

107

System

Gatekeeper

Collect Gatekeeper details

108

System

Gatekeeper Approved Apps

Collect Gatekeeper apps allowed to run

109

System

Installed Applications

Collect info on installed apps

110

System

Kernel Extensions Info

Collect kernel extensions info

111

System

Launchd Overrides

Collect override keys for LaunchDaemons and Agents

112

System

Package Install History

Collect Package Install History

113

System

System Extension Info

Collect system extension info

114

System

System Integrity Protection Status

Collect SIP status

115

System

Print Jobs

Collect print job info

116

System

Printer Info

Collect printer info

117

System

Transparency, Consent, and Control (TCC)

Collect Transparency, Consent, and Control Information

118

System

Quarantine Events

Collect Quarantine Events Database

119

System

Sudo Last Run

Collect Sudo Last Run

120

System

iMessage

Collect iMessages

121

System

Dock Items

Collect Dock Items

122

System

Document Revisions

Collect Document Revisions

123

System

Apple System Logs (ASL)

Collect Apple System Logs (ASL)

124

System

Apple Audit Logs

Collect Apple Audit Logs

125

System

Shared File List

Collect Shared File List (SFL) items

126

System

Shell History

Collect Shell History

127

System

Downloaded Files Information

Collect information about downloaded files

128

System

Cron Jobs

Collect Cron Jobs

129

System

Quick Look Cache

Collect Quick Look Cache

130

System

Event Taps

Collect Event Taps

131

System

Re-Opened Apps

Collect Re-Opened Apps

132

System

Most Recently Used (MRU)

Collect Most Recently Used (MRU) items

133

System

Login Items

Collect Login Items

134

System

Collect File System (FS) Events

Collect File System Events

135

System

Parse File System (FS) Events

Parse File System Events

136

Disk

Block Devices

Collect Block Devices

137

Disk

Disk Encryption

Collect Disk Encryption status

138

File System

File System Enumeration

Dump file and folder information.

139

File System

.DS_Store Files

Collect information about .DS_Store files.

140

Configurations

ETC Hosts

Collect ETC Hosts

141

Configurations

ETC Protocols

Collect ETC Protocols

142

Configurations

ETC Services

Collect ETC Services

143

Network

Listening Ports

Collect Listening Ports

144

Network

IP Routes

Collect IP Routes

145

Network

Network Interfaces

Collect Network Interfaces

146

Network

DNS Resolvers

Collect DNS Resolvers

147

Network

DHCP Settings

Collect DHCP (Dynamic Host Configuration Protocol) Settings

148

Users

User Groups

Collect User Groups

149

Users

Users

Collect Users

150

Users

Logged Users

Collect Logged Users

151

KnowledgeC

Application Usage

Collect Application Usage

152

KnowledgeC

Bluetooth Connections

Collect Bluetooth Connections

153

KnowledgeC

Notification Info

Collect Notification Info

154

Unified Logs

Logind

Filter user login events

155

Unified Logs

Tccd

Filter tccd events

156

Unified Logs

Sshd

Filter ssh activity events

157

Unified Logs

Command Line Activity

Filter command line activity run with elevated privileges

158

Unified Logs

Kernel Extensions

Filter kernel extension events

159

Unified Logs

Screensharing

Filter screen sharing events

160

Unified Logs

Keychain

Filter keychain unlock events

161

Unified Logs

Session Creation and Destruction

Filter sessions creation and destruction events

162

Unified Logs

XProtect Remediation

Filter detecting and blocking malicious software events

163

Unified Logs

Failed Sudo

Filter failed sudo events

164

Unified Logs

Manuel Configuration Profile Install

Filter MDM Clients Events

165

Persistence

Mail Rules

Collect Mail Rules that contain AppleScript

166

Persistence

Login Hooks

Collect Login Hooks

167

Persistence

Logout Hooks

Collect Logout Hooks

168

Persistence

Emond Clients

Collect Emond Clients

169

SSH

SSH Authorized Keys

Collect SSH authorized keys

170

SSH

SSH Configs

Collect SSH configurations

171

SSH

SSH Known Hosts

Collect SSH known hosts

172

SSH

SSHD Configs

Collect SSHD configurations

macOS Artifact List

1

Server

Apache Logs

Collect Apache Logs

2

Server

NGINX Logs

Collect NGINX Logs

3

Server

MongoDB Logs

Collect MongoDB Logs

4

Server

MySQL Logs

Collect MySQL Logs

5

Server

PostgreSQL Logs

Collect PostgreSQL Logs

6

System

System Logs

Collect System Logs

7

System

Install Logs

Collect Install Logs

8

System

Wifi Logs

Collect Wifi Logs

9

System

KnowledgeC

Collect KnowledgeC Database

10

Docker

Docker Changes

Collect Docker Changes

11

Docker

Docker Containers

Collect Docker Containers

12

Docker

Docker Image History

Collect Docker Image History

13

Docker

Docker Images

Collect Docker Images

14

Docker

Docker Info

Collect Docker Info

15

Docker

Docker Networks

Collect Docker Networks

16

Docker

Docker Processes

Collect Docker Processes

17

Docker

Docker Volumes

Collect Docker Volumes

18

Docker

Docker Container Logs

Collect Docker Container Logs

19

Docker

Docker Logs

Collect Docker Logs on Filesystem

20

Communication

AnyDesk Logs

Collect AnyDesk Logs

21

Communication

Teamviewer Logs

Collect Teamviewer Logs

22

Communication

Discord Desktop Cache

Collect Discord Desktop Cache

23

Communication

Splashtop Mac Logs

Collect Splashtop Mac Application Logs

24

Utilities Artifacts

Parallels Logs

Collect Parallels Logs

25

Utilities Artifacts

Homebrew Logs

Collect Homebrew Logs

26

Antivirus Logs

Sophos Events Database

Collect Sophos Events Database

27

Antivirus Logs

Sophos Logs

Collect Sophos Logs

PreviousWindows CollectionsNextLinux Collections

Last updated