# CPU Info

## Overview

**Evidence:** CPU Info\
**Description:** ESXi CPU Info\
**Category:** System\
**Platform:** esxi\
**Short Name:** cpuinfo\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

ESXi CPU information provides detailed processor characteristics, including core counts, speeds, cache configurations, and architecture details. This data establishes a hardware baseline for the investigated host and can reveal hardware-specific vulnerabilities or performance anomalies that may indicate cryptomining or resource abuse.

## Data Collected

This collector gathers structured data about the host's CPUs.

### CPU Info Data

| Field                  | Description            | Example       |
| ---------------------- | ---------------------- | ------------- |
| `CPUID`                | CPU ID                 | 123           |
| `PackageID`            | Package ID             | 123           |
| `Family`               | Family                 | 123           |
| `Model`                | Model                  | 123           |
| `Type`                 | Type                   | 123           |
| `Stepping`             | Stepping               | 123           |
| `Brand`                | Brand                  | Example value |
| `CoreSpeed`            | Core Speed             | 123           |
| `BusSpeed`             | Bus Speed              | 123           |
| `APICID`               | APIC ID                | Example value |
| `Node`                 | Node                   | 123           |
| `L2CacheSize`          | L2 Cache Size          | 123           |
| `L2CacheAssociativity` | L2 Cache Associativity | 123           |
| `L2CacheLineSize`      | L2 Cache Line Size     | 123           |
| `L2CacheCPUCount`      | L2 Cache CPU Count     | 123           |
| `L3CacheSize`          | L3 Cache Size          | 123           |
| `L3CacheAssociativity` | L3 Cache Associativity | 123           |
| `L3CacheLineSize`      | L3 Cache Line Size     | 123           |
| `L3CacheCPUCount`      | L3 Cache CPU Count     | 123           |

## Collection Method

This collector parses CPU information files, extracting processor IDs, package/core/thread counts, vendor details, model numbers, family information, stepping, CPU speeds, bus speeds, APIC IDs, NUMA node assignments, and L2/L3 cache specifications for each physical CPU package.

## Forensic Value

CPU configuration data helps validate host identity, detect hardware changes, and identify resource exhaustion patterns. Unusual CPU utilization correlated with CPU capabilities may indicate cryptomining, resource hijacking, or VM escape attempts. Cache and NUMA topology also assist in understanding side-channel attack feasibility.
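
One way to use these fields to validate host identity and detect hardware changes is to compare a new collection against a stored baseline. The following is an added example, not the collector's own code: it assumes the parsed rows are available as dictionaries keyed by the field names in the table above, the function names are hypothetical, and all sample values are constructed.

```python
import hashlib
from collections import Counter

# Fields that describe what the processor is, not how it is being used.
IDENTITY_FIELDS = ("Family", "Model", "Type", "Stepping", "Brand",
                   "L2CacheSize", "L3CacheSize")

def topology(records):
    """Map PackageID -> Counter of identity tuples (one count per logical CPU)."""
    packages = {}
    for row in records:
        ident = tuple(str(row.get(f, "")).strip() for f in IDENTITY_FIELDS)
        packages.setdefault(str(row["PackageID"]), Counter())[ident] += 1
    return packages

def fingerprint(records):
    """Order-independent SHA-256 over the topology summary."""
    canon = sorted((pkg, ident, n) for pkg, counts in topology(records).items()
                   for ident, n in counts.items())
    return hashlib.sha256(repr(canon).encode()).hexdigest()

def diff(baseline, current):
    """Return findings as strings; an empty list means no hardware drift."""
    old, new = topology(baseline), topology(current)
    findings = []
    for pkg in sorted(set(old) | set(new)):
        if pkg not in new:
            findings.append(f"package {pkg}: missing from current collection")
        elif pkg not in old:
            findings.append(f"package {pkg}: not present in baseline")
        elif old[pkg] != new[pkg]:
            findings.append(f"package {pkg}: identity or CPU count changed "
                            f"({sum(old[pkg].values())} -> "
                            f"{sum(new[pkg].values())} logical CPUs)")
        if pkg in new and len(new[pkg]) > 1:
            findings.append(f"package {pkg}: mixed CPU identities in one package")
    return findings

def _cpu(cpuid, pkg, stepping=7):
    # Constructed sample row; values are illustrative, not from a real host.
    return {"CPUID": cpuid, "PackageID": pkg, "Family": 6, "Model": 85,
            "Type": 0, "Stepping": stepping, "Brand": "Constructed CPU brand",
            "L2CacheSize": 1024, "L3CacheSize": 16384}

BASELINE = [_cpu(i, i // 4) for i in range(8)]            # 2 packages x 4 CPUs
CURRENT = ([_cpu(i, 0) for i in range(4)] +
           [_cpu(i, 1, stepping=4) for i in range(4, 6)])  # package 1 differs

if __name__ == "__main__":
    print(fingerprint(BASELINE) == fingerprint(CURRENT))   # False
    print("\n".join(diff(BASELINE, CURRENT)))
```

Speed fields such as `CoreSpeed` are left out of the identity tuple here on the assumption that they may vary between collections; add them if they are stable in your environment.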
