Which sources can reveal client-side programs used by the target's users?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which sources can reveal client-side programs used by the target's users?

Explanation:
The sources that best reveal client-side programs used by users are those that carry direct fingerprints of the applications on endpoints: metadata embedded in documents can show the program and version that created or last edited the file; User-Agent strings in web traffic disclose the browser and operating system in use; and information provided by personnel—asset inventories, interviews, and helpdesk records—can enumerate the software installed across machines. Together, these signals give a fuller picture of what clients are running. In contrast, server logs may incidentally reveal some of this through User-Agent fields but are incomplete and not reliable for a full inventory; network sniffing mainly shows traffic patterns and protocols rather than definitive client applications; firewall logs focus on connections and policy events, not on installed software.
