BASICINFO

The BASICINFO plugin collects basic Operating system, hardware and file system details relating from the image. It provides partition sizes, names, types, offsets, and what partitions contain macOS.

This plugin does not support standalone mode.

This plugin pulls information from various sources depending on the information being pulled.

macOS Version	Path
Mountain Lion, Mavericks, Yosemite, El Capitan, Sierra, High Sierra, Mojave	/Library/Preferences/.GlobalPreferences.plist /Library/Preferences/SystemConfiguration/preferences.plist /private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C/consolidated.db /System/Library/CoreServices/SystemVersion.plist /private/etc/localtime /Library/Preferences/com.apple.loginwindow.plist

Sample Usage

$ python mac-apt.py -x -o ~/Case_Output E01 ~/Acquisition.E01 BASICINFO

Output

Field Name	Notes
INFO_TYPE	Type of Info being pulled (see table below)
Name	Name of the specific field being pulled
Data	Value associated with the field
Description	Description of the field
Source	Source of information being pulled

INFO_TYPE Types	Notes
SYSTEM	System Information * OSX Version : current OS version * HostName : hostname of computer * LocalHostName : name of localhost * ComputerName : name of computer
HARDWARE	Hardware Information * Mac Serial Number : hardware serial number * Model : Mac hardware Model
TIMEZONE	Timezone and Location Information * SelectedCity.CountryCode : country code of the country that the computer's city is located in * SelectedCity.Latitude : latitude of the city the computer is located in * SelectedCity.Longitude : longitude of the city the computer is located in * SelectedCity.Name : name of city * SelectedCity.RegionalCode : state abbreviation * SelectedCity.TimeZoneName : name of the timezone * SelectedCity.Version : version of timezone * TimeZone Set : name of timezone set on machine
USER-LOGIN	User-login Information * lastUser : last user-login action * lastUserName : last user logged in * GuestEnabled : (Boolean) whether or not Guest accounts are enabled on computer * lastLoginPanic : absolute time of last login panic
HFS	File System / Volume Information * Block Size : Volume block size (internal) * Created date : Volume created date (local time) * Last Modified date : Volume last modified date * Last Checked date : Volume last checked for errors * Last Backup date : Volume last backup date * Last Mounted Version : Version of the last mounted file system * HFSX status : (Boolean) Whether or not the volume is HFSX * HFS version : Volume version * Number of Files : Volume's total files * Number of Folders : Volume's total folders

Output

Getting Started

Introduction
Installation
- Installation-old
Sample Usage
- ios_apt
- Artifact Only Mode
- Mounted System Data Mode
Interpreting Output
Issues & Workarounds
- Plugin Issues

Plugins

AUTOSTART
BASICINFO
BLUETOOTH
DOMAINS
FSEVENTS
IDEVICEBACKUPS
IDEVICEINFO
IMESSAGE
INETACCOUNTS
INSTALLHISTORY
MSOFFICE
NETUSAGE
NETWORKING
NOTES
NOTIFICATIONS
PRINTJOBS
QUARANTINE
RECENTITEMS
SAFARI
SCREENTIME
SPOTLIGHT
SPOTLIGHTSHORTCUTS
TERMINALSTATE
TERMSESSIONS
UNIFIEDLOGS
USERS
WIFI

Development

Write a Plugin
Plugin Helpers

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BASICINFO

Sample Usage

Output

Output

Clone this wiki locally