Disk Usage
Overview
Evidence: Disk Usage Description: ESXi Disk Usage Category: DiskFilesystem Platform: esxi Short Name: diskusg Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
ESXi disk usage statistics track storage consumption across filesystems, partitions, and volumes on the hypervisor. Monitoring disk usage helps identify suspicious storage patterns, detect data staging for exfiltration, and reveal space exhaustion attacks or log file tampering.
Data Collected
This collector gathers structured data about disk usage.
Disk Usage Data
AccessTime
Access Time
2023-10-15 14:30:25+03:00
AccessCount
Access Count
123
URL
URL
Example value
Browser
Browser
Example value
Title
Title
Example value
VisitDuration
Visit Duration
Example value
Referrer
Referrer
Example value
TypedCount
Typed Count
123
IsHidden
Is Hidden
true
TransitionType
Transition Type
Example value
VisitID
Visit ID
123
TransitionQualifiers
Transition Qualifiers
Example value
User
User
Example value
Profile
Profile
Example value
HistoryFilePath
History File Path
Example value
Collection Method
This collector parses disk usage reports, extracting filesystem mount points, total capacity, used space, available space, usage percentages, and mount status for each storage volume accessible to the ESXi host.
Forensic Value
Disk usage patterns reveal anomalous storage consumption that may indicate malware staging areas, log file manipulation to hide evidence, or denial-of-service attempts via disk exhaustion. Comparing usage trends helps identify rapid changes consistent with data exfiltration or malicious file placement.
Last updated
Was this helpful?