disk_events

Track DMG disk image events (appearance/disappearance) when opened.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: disk_events

• Mac OSX

Table schema

Name	Type	Description
action	TEXT	Appear or disappear
path	TEXT	Path of the DMG file accessed
name	TEXT	Disk event name
device	TEXT	Disk event BSD name
uuid	TEXT	UUID of the volume inside DMG if available
size	BIGINT	Size of partition in bytes
ejectable	INTEGER	1 if ejectable, 0 if not
mountable	INTEGER	1 if mountable, 0 if not
writable	INTEGER	1 if writable, 0 if not
content	TEXT	Disk event content
media_name	TEXT	Disk event media name string
vendor	TEXT	Disk event vendor string
filesystem	TEXT	Filesystem if available
checksum	TEXT	UDIF Master checksum if available (CRC32)
time	BIGINT	Time of appearance/disappearance in UNIX time
eid	TEXT	Event ID

Query examples

Select all the results for the given table.

SELECT * FROM disk_events;