Notification Info
Overview
Evidence: Notification Info
Description: Collect Notification Info
Category: System
Platform: macos
Short Name: ntfc
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Notification usage events from KnowledgeC record app notifications and durations. This data is essential for reconstructing user engagement and identifying suspicious or noisy apps.
Data Collected
This collector gathers structured data about notification info.
Collection Method
This collector reads KnowledgeC databases and runs a notification usage query, saving results into notification_info.
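A sketch of what a notification usage query over KnowledgeC can look like, as an added example that is not the collector's own query. The table and column names (ZOBJECT, ZSTRUCTUREDMETADATA, the '/notification/usage' stream) are assumptions based on the commonly documented KnowledgeC schema, the function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Mac absolute time counts seconds from 2001-01-01 00:00:00 UTC.
COCOA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Assumed schema and stream name; verify against the database being examined.
QUERY = """
SELECT o.ZSTARTDATE, o.ZENDDATE, o.ZVALUESTRING,
       m.Z_DKNOTIFICATIONUSAGEMETADATAKEY__BUNDLEID
FROM ZOBJECT o
LEFT JOIN ZSTRUCTUREDMETADATA m ON o.ZSTRUCTUREDMETADATA = m.Z_PK
WHERE o.ZSTREAMNAME = '/notification/usage'
ORDER BY o.ZSTARTDATE
"""

def build_sample_db():
    """Constructed in-memory stand-in for a KnowledgeC database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      CREATE TABLE ZSTRUCTUREDMETADATA (Z_PK INTEGER PRIMARY KEY,
          Z_DKNOTIFICATIONUSAGEMETADATAKEY__BUNDLEID TEXT);
      CREATE TABLE ZOBJECT (Z_PK INTEGER PRIMARY KEY, ZSTREAMNAME TEXT,
          ZVALUESTRING TEXT, ZSTARTDATE REAL, ZENDDATE REAL,
          ZSTRUCTUREDMETADATA INTEGER);
      INSERT INTO ZSTRUCTUREDMETADATA VALUES
        (1, 'com.example.chat'), (2, 'com.example.updater');
      INSERT INTO ZOBJECT VALUES
        (1, '/notification/usage', 'Receive', 700000000.0, 700000000.0, 1),
        (2, '/notification/usage', 'Dismiss', 700000030.0, 700000030.0, 1),
        (3, '/app/usage', 'com.example.chat', 700000040.0, 700000100.0, NULL),
        (4, '/notification/usage', 'Receive', 700000200.0, 700000205.0, 2),
        (5, '/notification/usage', 'Receive', 700000300.0, NULL, NULL);
    """)
    return db

def notification_events(db):
    """Return notification usage rows as timeline entries with UTC timestamps."""
    rows = []
    for start, end, event, bundle in db.execute(QUERY):
        rows.append({
            "start_utc": (COCOA_EPOCH + timedelta(seconds=start)).isoformat(),
            # A missing end date yields no duration rather than a guessed one.
            "duration_s": None if end is None else end - start,
            "event": event,
            "bundle_id": bundle or "(unknown)",
        })
    return rows
```

Rows with no structured metadata or no end date are kept and marked rather than dropped, so gaps in the source remain visible on the timeline.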
Forensic Value
This evidence is crucial for forensic investigations as it ties notifications to apps and timelines, aiding behavior analysis and correlation.