CollectInfo

Overview

Evidence: CollectInfo
Description: CollectInfo
Category: System
Platform: esxi
Short Name: cinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Collection information tracks file-level details for collected artifacts including file paths, sizes, hashes, and timestamps. This metadata validates evidence integrity, supports deduplication, and provides file-level provenance for collected evidence.

Data Collected

This collector gathers structured data about CollectInfo.

CollectInfo Data

| Field | Description | Example |
| --- | --- | --- |
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |

Collection Method

This collector records metadata for each collected file, capturing file paths, file sizes, cryptographic hashes (for integrity verification), access/modification/change timestamps, and file permissions.

Forensic Value

Collection metadata ensures evidence integrity through hash verification, supports duplicate detection, enables timestamp analysis, and provides a detailed inventory of collected artifacts. Hash values prove file integrity and detect tampering, while timestamps establish file timeline context.
