# CollectInfo ## Overview **Evidence:** CollectInfo\ **Description:** CollectInfo\ **Category:** System\ **Platform:** esxi\ **Short Name:** cinfo\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** Yes\ **Collect File(s):** No ## Background Collection information tracks file-level details for collected artifacts including file paths, sizes, hashes, and timestamps. This metadata validates evidence integrity, supports deduplication, and provides file-level provenance for collected evidence. ## Data Collected This collector gathers structured data about collectinfo. ### CollectInfo Data | Field | Description | Example | | ---------------------- | --------------------- | ------------------------- | | `AccessTime` | Access Time | 2023-10-15 14:30:25+03:00 | | `AccessCount` | Access Count | 123 | | `URL` | URL | Example value | | `Browser` | Browser | Example value | | `Title` | Title | Example value | | `VisitDuration` | Visit Duration | Example value | | `Referrer` | Referrer | Example value | | `TypedCount` | Typed Count | 123 | | `IsHidden` | Is Hidden | true | | `TransitionType` | Transition Type | Example value | | `VisitID` | Visit ID | 123 | | `TransitionQualifiers` | Transition Qualifiers | Example value | | `User` | User | Example value | | `Profile` | Profile | Example value | | `HistoryFilePath` | History File Path | Example value | ## Collection Method This collector records metadata for each collected file, capturing file paths, file sizes, cryptographic hashes (for integrity verification), access/modification/change timestamps, and file permissions. ## Forensic Value Collection metadata ensures evidence integrity through hash verification, supports duplicate detection, enables timestamp analysis, and provides detailed inventory of collected artifacts. Hash values prove file integrity and detect tampering, while timestamps establish file timeline context.