Install Logs
Overview
Evidence: Install Logs
Description: Collect Install Logs
Category: System
Platform: macos
Short Name: instl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
macOS install logs record software installation activities including package installations, updates, and application deployments. These logs track what software was installed, when, and by whom.
Data Collected
This collector gathers structured data about install logs.
Collection Method
This collector gathers installation log files from /var/log/install*, which contain records of all software installations and updates performed on the system.
Forensic Value
Install logs are valuable for tracking unauthorized software installations, understanding system configuration changes, identifying malicious software deployment, and establishing timelines of system modifications.
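Because the collector returns the files unparsed, timeline work is done by the analyst. The following is an added example, not part of the collector or the product: it turns collected install log text into a UTC-ordered list of "Installed" events. The line layout, the `Installed "name" (version)` message form, the sample lines and the function names `parse` and `install_timeline` are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Assumed line layout: "YYYY-MM-DD HH:MM:SS+ZZ host process[pid]: message"
LINE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})([+-]\d{2})(\d{2})? '
    r'(\S+) (.+?)\[(\d+)\]: (.*)$')
# Assumed message form for a completed installation.
INSTALLED = re.compile(r'Installed "([^"]+)" \(([^)]*)\)')

# Constructed sample lines, not taken from a real system.
SAMPLE = """
2024-03-11 09:14:02-07 mac-01 Installer[812]: Opened from: /Users/alice/Downloads/ExampleTool.pkg
    continuation text belonging to the previous entry
2024-03-11 09:14:20-07 mac-01 installd[512]: PackageKit: ----- Begin install -----
2024-03-11 09:14:31-07 mac-01 installd[512]: Installed "Example Tool" (1.2.3)
2024-03-10 22:05:47+01 mac-01 softwareupdated[301]: Installed "Example OS Update" (14.4)
"""

def parse(text):
    """Split log text into records; lines without a timestamp extend the previous record."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            if records and raw.strip():
                records[-1]["message"] += "\n" + raw.strip()
            continue
        stamp, tz_h, tz_m, host, proc, pid, msg = m.groups()
        # The offset may be hours only ("-07"); pad it so %z accepts it.
        when = datetime.strptime(f"{stamp}{tz_h}{tz_m or '00'}", "%Y-%m-%d %H:%M:%S%z")
        records.append({"utc": when.astimezone(timezone.utc), "host": host,
                        "process": proc, "pid": int(pid), "message": msg})
    return records

def install_timeline(text):
    """Return (utc_iso, process, package, version) tuples sorted by UTC time."""
    events = []
    for rec in parse(text):
        m = INSTALLED.search(rec["message"])
        if m:
            events.append((rec["utc"].isoformat(), rec["process"], m.group(1), m.group(2)))
    return sorted(events)

if __name__ == "__main__":
    for event in install_timeline(SAMPLE):
        print(*event, sep="  ")
```

Normalizing to UTC matters when merging this timeline with other evidence, since the entries carry their own local offsets.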