# Kernel Info

## Overview

**Evidence:** Kernel Info\
**Description:** ESXi Kernel Info\
**Category:** System\
**Platform:** esxi\
**Short Name:** kerninfo\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

ESXi kernel (VMkernel) information provides details about the hypervisor's core operating system layer, including version, build numbers, and loaded modules. Kernel information is essential for identifying vulnerable versions, detecting unauthorized kernel modifications, and validating patch levels.

## Data Collected

This collector gathers structured data about kernel info.

### Kernel Info Data

| Field                  | Description           | Example                   |
| ---------------------- | --------------------- | ------------------------- |
| `AccessTime`           | Access Time           | 2023-10-15 14:30:25+03:00 |
| `AccessCount`          | Access Count          | 123                       |
| `URL`                  | URL                   | Example value             |
| `Browser`              | Browser               | Example value             |
| `Title`                | Title                 | Example value             |
| `VisitDuration`        | Visit Duration        | Example value             |
| `Referrer`             | Referrer              | Example value             |
| `TypedCount`           | Typed Count           | 123                       |
| `IsHidden`             | Is Hidden             | true                      |
| `TransitionType`       | Transition Type       | Example value             |
| `VisitID`              | Visit ID              | 123                       |
| `TransitionQualifiers` | Transition Qualifiers | Example value             |
| `User`                 | User                  | Example value             |
| `Profile`              | Profile               | Example value             |
| `HistoryFilePath`      | History File Path     | Example value             |

## Collection Method

This collector parses kernel information files, extracting VMkernel version strings, build identifiers, release information, and compilation timestamps from ESXi kernel metadata sources.

## Forensic Value

Kernel version data helps identify known vulnerabilities, validate patch compliance, and detect version inconsistencies that may indicate rootkit installation or system tampering. Build information also assists in timeline reconstruction and verifying legitimate system updates versus malicious modifications.
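The version-consistency check described above, as an added example (not the collector's own code): it parses two independent kernel-info sources, assumed here to be the text printed by `vmware -v` and `uname -a` on an ESXi host, and reports any disagreement in version or build, optionally against a build number taken from the patch baseline. The sample strings, host name and build number are constructed, and `compare_kernel_info`, `parse` and `expected_build` are hypothetical names.

```python
import re

# Constructed sample text (not from a real host). The layouts are assumed to
# match what `vmware -v` and `uname -a` print on ESXi.
SAMPLE_VMWARE_V = "VMware ESXi 7.0.3 build-12345678"
SAMPLE_UNAME_A = ("VMkernel esx01.example.test 7.0.3 #1 SMP Release "
                  "build-12345678 Jan 01 2022 00:00:00 x86_64 x86_64 x86_64 ESXi")

VMWARE_RE = re.compile(r"VMware ESXi (?P<version>\d+(?:\.\d+)+) build-(?P<build>\d+)")
UNAME_RE = re.compile(r"^VMkernel \S+ (?P<version>\d+(?:\.\d+)+) .*?build-(?P<build>\d+)")


def parse(pattern, text, source):
    """Extract version and build from one source; fail loudly on unknown text."""
    m = pattern.search(text.strip())
    if m is None:
        # An unparseable version string is itself worth an analyst's attention.
        raise ValueError(f"unrecognised {source} output: {text!r}")
    return {"source": source, "version": m["version"], "build": int(m["build"])}


def compare_kernel_info(vmware_v, uname_a, expected_build=None):
    """Return a list of findings; an empty list means the sources agree."""
    a = parse(VMWARE_RE, vmware_v, "vmware -v")
    b = parse(UNAME_RE, uname_a, "uname -a")
    findings = []
    if a["version"] != b["version"]:
        findings.append(f"version mismatch: {a['version']} vs {b['version']}")
    if a["build"] != b["build"]:
        findings.append(f"build mismatch: {a['build']} vs {b['build']}")
    if expected_build is not None:
        # Compare each source with the build the patch baseline says to expect.
        for rec in (a, b):
            if rec["build"] != expected_build:
                findings.append(
                    f"{rec['source']} reports build {rec['build']}, "
                    f"baseline expects {expected_build}")
    return findings


if __name__ == "__main__":
    for line in compare_kernel_info(SAMPLE_VMWARE_V, SAMPLE_UNAME_A) or ["sources agree"]:
        print(line)
```

A mismatch is a lead, not a verdict: a host that has been patched but not yet rebooted can also show disagreement, so confirm against the update history before concluding tampering.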
