artif: new artifact

Author: tclahr

CHANGELOG.md

@@ -4,12 +4,14 @@
 
 ### Artifacts
 
+- files/applications/findmy.yaml: Added the collection of the list of user's items/devices and items/devices info registered within the Find My application [macos].
 - files/applications/rclone.yaml: Added the collection of rclone application configuration and log files [freebsd, linux, macos, netbsd, openbsd, solaris].
 - files/applications/rustdesk.yaml: Added the collection of RustDesk application access logs and screen recording files [linux, macos].
 - files/applications/splashtop.yaml: Added the collection of Splashtop application artifacts [linux, macos].
 - files/applications/steam.yaml: Added the collection of Steam browser artifacts, avatar pictures, configuration and log files [linux, macos].
 - files/applications/teamviewer.yaml: Added the collection of TeamViewer application artifacts [linux, macos].
 - files/applications/thinlinc.yaml: Added the collection of ThinLinc application configuration files, connections and post-session logs [linux, macos].
+- files/package/installed_applications: Added the collection of Info.plist from installed applications [macos].
 - files/system/netscaler.yaml: Added the collection of '/var/vpn', '/var/netscaler/logon', and '/netscaler/ns_gui' system files and directories [netscaler].
 - files/system/nsconfig.yaml: Deprecated. All artifacts were moved to 'files/system/netscaler.yaml' [netscaler].
 - live_response/storage/mdadm.yaml: Added the collection of information on Linux software RAID [linux].

artifacts/files/packages/install_history.yaml

@@ -0,0 +1,35 @@
+version: 2.0
+artifacts:
+  -
+    description: Collect InstallHistory.plist file.
+    supported_os: [macos]
+    collector: file
+    path: /Library/Receipts/InstallHistory.plist
+    ignore_date_range: true
+  -
+    description: Collect Info.plist from installed applications.
+    supported_os: [macos]
+    collector: file
+    path: /Applications
+    path_pattern: ["*/Contents/Info.plist"]
+  -
+    description: Collect Info.plist from installed applications.
+    supported_os: [macos]
+    collector: file
+    path: /Library
+    path_pattern: ["*/Contents/Info.plist"]
+  -
+    description: Collect Info.plist from installed applications.
+    supported_os: [macos]
+    collector: file
+    path: /%user_home%/Applications
+    path_pattern: ["*/Contents/Info.plist"]
+    exclude_nologin_users: true
+  -
+    description: Collect Info.plist from installed applications.
+    supported_os: [macos]
+    collector: file
+    path: /%user_home%/Library
+    path_pattern: ["*/Contents/Info.plist"]
+    exclude_nologin_users: true
+  

artifacts/files/packages/installed_applications.yaml

@@ -0,0 +1,11 @@
+version: 1.0
+artifacts:
+  -
+    description: Collect the list of user's items/devices and items/devices info registered within the Find My application.
+    supported_os: [macos]
+    collector: file
+    path: /%user_home%/Library/Caches/com.apple.findmy.*
+    name_pattern: ["Devices.data"]
+    ignore_date_range: true
+    exclude_nologin_users: true
+