Back to binalyze.com

ESXi Collections

AIR supports the following ESXi Evidence and Artifacts

ESXi Evidence List

#

Category

Evidence

Parsed

Investigation Hub

Files Collected

1

System

System Info

Yes

Yes

No

2

System

Kernel Info

Yes

Yes

No

3

System

Module List

Yes

Yes

No

4

System

Hardware Clock

Yes

Yes

No

5

Network

Networks

Yes

Yes

No

6

Network

IP Interface Info

Yes

Yes

No

7

Network

Routes

Yes

Yes

No

8

Network

Routing Table

Yes

Yes

No

9

Network

Virtual Switch Info

Yes

Yes

No

10

Network

VMkernel NIC List

Yes

Yes

No

11

Network

NIC List

Yes

Yes

No

12

Network

Active Connections

Yes

Yes

No

13

Network

Firewall Ruleset

Yes

Yes

No

14

Storage

Datastores

Yes

Yes

No

15

Storage

Disk Usage

Yes

Yes

No

16

Storage

Multipathing Info

Yes

Yes

No

17

Storage

PCI Info

Yes

Yes

No

18

Storage

SCSI Info

Yes

Yes

No

19

Users

User Info

Yes

Yes

No

20

Users

Account Info

Yes

Yes

No

21

Users

Permission Info

Yes

Yes

No

22

Processes

Process

Yes

Yes

No

23

Files

Open Files

Yes

Yes

No

24

System

Advanced Config

Yes

Yes

No

25

System

Advanced Settings

Yes

Yes

No

26

System

Syslog Config

Yes

Yes

No

27

System

Syslog Logger Info

Yes

Yes

No

28

System

WBEM Info

Yes

Yes

No

29

System

VIB Info

Yes

Yes

No

30

System

Collection Info

Yes

Yes

No

31

System

Case Info

Yes

Yes

No

PreviousSupported EvidenceNextAccount Info

Last updated

Was this helpful?