Cron Jobs
Overview
Evidence: Cron Jobs
Description: Collect Cron Jobs
Category: System
Platform: macos
Short Name: cronj
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers cron job information from the macOS system. This data is essential for understanding system activity, detecting persistence, and investigating scheduled task misuse.
Data Collected
This collector gathers structured data about cron jobs.
Cron Jobs Data
| Field | Description | Example |
|---|---|---|
| Event | Event | Example value |
| Minute | Minute | Example value |
| Hour | Hour | Example value |
| DayOfMonth | Day Of Month | Example value |
| Month | Month | Example value |
| DayOfWeek | Day Of Week | Example value |
| Command | Command | Example value |
| Path | Path | Example value |
Collection Method
This collector queries the crontab table via osquery; if a path is present for an entry, the underlying file is collected.
Forensic Value
This evidence is crucial for forensic investigations as it reveals scheduled tasks that can indicate persistence mechanisms, data exfiltration schedules, or malicious automation.
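
The following added example (not the collector's or osquery's own code) shows how lines of a collected crontab file map onto the fields in the table above, including the `@event` shortcut form, and how an analyst might triage the resulting rows. The function names, the sample crontab, its path and the two triage rules are assumptions made for illustration.

```python
import re

TIME_FIELDS = ("Minute", "Hour", "DayOfMonth", "Month", "DayOfWeek")
ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
# Assumed triage list: directories any local user can write to on macOS.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/Users/Shared/")

def parse_crontab(text, path):
    """Return one row per job line, keyed by the field names in the table above."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        # Blank lines, comments and VAR=value settings are not jobs.
        if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
            continue
        row = {"Event": "", **dict.fromkeys(TIME_FIELDS, ""), "Command": "", "Path": path}
        if line.startswith("@"):
            # Shortcut form ("@reboot cmd"): an event name replaces the time fields.
            parts = line.split(None, 1)
            row["Event"] = parts[0]
            row["Command"] = parts[1] if len(parts) > 1 else ""
        else:
            parts = line.split(None, 5)
            if len(parts) == 6:
                row.update(zip(TIME_FIELDS, parts[:5]))
                row["Command"] = parts[5]
            else:
                # Malformed line: keep the raw text so the analyst still sees it.
                row["Command"] = line
        rows.append(row)
    return rows

def review_reasons(row):
    """Constructed triage hints for an analyst; not the product's detection logic."""
    reasons = []
    if row["Event"] == "@reboot":
        reasons.append("runs at every boot")
    if any(d in row["Command"] for d in WRITABLE_DIRS):
        reasons.append("references a world-writable directory")
    return reasons

# Constructed sample crontab and path, not collected from a real host.
SAMPLE_PATH = "/var/at/tabs/alice"
SAMPLE = """\
SHELL=/bin/sh
# weekly backup
0 3 * * 1 /usr/local/bin/backup.sh --weekly
*/5 * * * * /Users/Shared/.cache/update >/dev/null 2>&1
@reboot /tmp/agent
"""

if __name__ == "__main__":
    for job in parse_crontab(SAMPLE, SAMPLE_PATH):
        print(job["Event"] or " ".join(job[f] for f in TIME_FIELDS), job["Command"], review_reasons(job))
```

A hit from `review_reasons` is a prompt to inspect the command and the file at `Path`, not a verdict; legitimate jobs can match both rules.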