Printer Info

Overview

Evidence: Printer Info
Description: Collect printer info
Category: System
Platform: macos
Short Name: prnt
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

CUPS destinations and options describe configured printers on macOS. This data is essential for understanding printing infrastructure and potential exfiltration channels.

Data Collected

This collector gathers structured data about printer info.

Printer Info Data

Field	Description	Example
Name	Name	Example value
OptionName	Option Name	Example value
OptionValue	Option Value	Example value

Collection Method

This collector queries the cups_destinations table via osquery and records results into printer_info.

Forensic Value

This evidence is crucial for forensic investigations as it identifies available printers and configurations relevant to data leakage scenarios.