KnowledgeC
Overview
Section titled “Overview”Evidence: KnowledgeC
Description: Collect KnowledgeC Database
Category: System
Platform: aix
Short Name: kcdb
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
Section titled “Background”KnowledgeC is a macOS database that stores user activity data including application usage, device connections, media playback, location data, and system events. It’s part of Apple’s CoreDuet framework used for Siri suggestions and system intelligence.
Data Collected
Section titled “Data Collected”This collector gathers structured data about knowledgec.
Collection Method
Section titled “Collection Method”This collector gathers the KnowledgeC database and related files from each user’s Library/Application Support/Knowledge directory, which contains comprehensive user activity tracking data.
Forensic Value
Section titled “Forensic Value”KnowledgeC is extremely valuable for forensic investigations, providing detailed user activity timelines, application usage patterns, device connections, location history, and user behavior analysis. It’s one of the richest data sources on macOS for understanding user actions.