IP Routes
Overview
Evidence: IP Routes
Description: Collect IP Routes
Category: Network
Platform: macos
Short Name: iprts
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
macOS routing table entries reveal how the system forwards traffic: which interface and which next hop (gateway) serve each destination prefix. This data is essential for understanding network topology and default gateways, and for investigating potential redirections, such as a changed default gateway or an added host route that steers traffic for one destination through a different next hop.
Data Collected
This collector gathers structured data about IP routes: one record per routing table entry, with its destination, gateway, interface and related attributes as exposed by osquery.
Collection Method
This collector queries osquery's routes table and records the results into the ip_routes table. The result is a snapshot of the routing table at collection time; routes that a VPN client or DHCP lease added or removed earlier are only visible if they were still present when the collector ran.
Forensic Value
This evidence is crucial for forensic investigations because it helps detect malicious routing changes (for example a default gateway pointing at an unexpected host, or a host route that diverts traffic for a single destination through a different gateway), misconfigurations, and suspicious gateways. When reviewing it, compare the recorded default gateway with the one expected for the host's network, and treat additional default routes as worth triage: VPN tunnels add them legitimately, but so does a rogue next hop that wants to capture egress traffic.
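The following is an added example, not code from this page or from the collector it describes. It shows both the osquery query this collector is described as running against the routes table and a triage pass over the resulting ip_routes records for the kinds of findings named above: more than one default route, a default gateway outside the ranges expected for the host, and host routes pinned through a different next hop. The sample records are constructed in the JSON shape osqueryi --json emits; the WHERE clause, the expected-gateway ranges and the check names are assumptions for illustration.

```python
import ipaddress
import json

# The query against osquery's `routes` table. Column names are osquery's;
# restricting to gateway-type routes is an assumption about what to triage first.
ROUTES_QUERY = """
SELECT destination, netmask, gateway, interface, type, flags, metric
FROM routes
WHERE type = 'gateway';
"""

# Constructed sample in the JSON shape `osqueryi --json` emits for that query.
# Addresses are documentation ranges; netmask is osquery's prefix length.
SAMPLE_ROUTES_JSON = json.dumps([
    {"destination": "0.0.0.0", "netmask": "0", "gateway": "192.168.1.1",
     "interface": "en0", "type": "gateway", "flags": "2051", "metric": "0"},
    {"destination": "0.0.0.0", "netmask": "0", "gateway": "203.0.113.7",
     "interface": "utun3", "type": "gateway", "flags": "2051", "metric": "0"},
    {"destination": "104.16.0.0", "netmask": "13", "gateway": "192.168.1.1",
     "interface": "en0", "type": "gateway", "flags": "2051", "metric": "0"},
    {"destination": "17.253.144.10", "netmask": "32", "gateway": "198.51.100.3",
     "interface": "en0", "type": "gateway", "flags": "2055", "metric": "0"},
])

# Constructed sample of an unremarkable host: a single private default gateway.
SINGLE_DEFAULT_JSON = json.dumps([
    {"destination": "0.0.0.0", "netmask": "0", "gateway": "10.0.0.1",
     "interface": "en0", "type": "gateway", "flags": "2051", "metric": "0"},
])

# Assumption: on the monitored network a default gateway is expected to be an
# RFC 1918 or link-local address. Hosts on public networks need a different list.
EXPECTED_GATEWAY_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fe80::/10",
)]


def _prefix_len(netmask):
    """osquery reports netmask as a prefix length; dotted masks are accepted too."""
    if netmask.isdigit():
        return int(netmask)
    try:
        return ipaddress.ip_network(f"0.0.0.0/{netmask}", strict=False).prefixlen
    except ValueError:
        return -1


def _parse_gateway(value):
    """Return the gateway as an address, or None for non-IP next hops such as link#N."""
    try:
        return ipaddress.ip_address(value.split("%")[0])  # drop an IPv6 zone id
    except ValueError:
        return None


def gateway_is_expected(gateway):
    addr = _parse_gateway(gateway)
    return addr is not None and any(addr in net for net in EXPECTED_GATEWAY_NETS)


def analyze_routes(routes_json):
    """Triage one ip_routes snapshot; returns a list of findings, empty if nothing stands out."""
    routes = json.loads(routes_json)
    findings = []

    # Default routes: prefix length 0, whatever the destination representation.
    defaults = [r for r in routes if _prefix_len(r["netmask"]) == 0]
    default_gateways = {r["gateway"] for r in defaults}

    # More than one default route: common with VPN tunnels, but also how a
    # rogue next hop takes over egress traffic, so it is surfaced for triage.
    if len(defaults) > 1:
        findings.append({"check": "multiple_default_routes",
                         "gateways": sorted(default_gateways)})

    for r in defaults:
        if not gateway_is_expected(r["gateway"]):
            findings.append({"check": "unexpected_default_gateway",
                             "gateway": r["gateway"], "interface": r["interface"]})

    # Host routes (/32 or /128) whose next hop differs from every default gateway
    # pin a single destination through a different path: a classic redirection pattern.
    for r in routes:
        if _prefix_len(r["netmask"]) in (32, 128) and r["gateway"] not in default_gateways:
            findings.append({"check": "host_route_via_other_gateway",
                             "destination": r["destination"], "gateway": r["gateway"]})

    return findings


if __name__ == "__main__":
    for finding in analyze_routes(SAMPLE_ROUTES_JSON):
        print(finding)
```

On the constructed sample this reports three findings: two default routes (en0 and utun3), the utun3 default gateway outside the expected ranges, and the /32 route to 17.253.144.10 via a gateway that is not any default. Each is a triage lead, not a verdict; a VPN client produces the first two legitimately, so confirm against the host's expected VPN configuration before escalating.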