# Multipathing Info ## Overview **Evidence:** Multipathing Info\ **Description:** ESXi Multipathing Info\ **Category:** DiskFilesystem\ **Platform:** esxi\ **Short Name:** mpathinfo\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** Yes\ **Collect File(s):** No ## Background ESXi multipathing provides redundant storage connectivity by maintaining multiple paths between the host and storage devices. This configuration is critical for high availability and helps identify storage-related security events and misconfigurations. ## Data Collected This collector gathers structured data about multipathing info. ### Multipathing Info Data | Field | Description | Example | | ---------------------- | --------------------- | ------------------------- | | `AccessTime` | Access Time | 2023-10-15 14:30:25+03:00 | | `AccessCount` | Access Count | 123 | | `URL` | URL | Example value | | `Browser` | Browser | Example value | | `Title` | Title | Example value | | `VisitDuration` | Visit Duration | Example value | | `Referrer` | Referrer | Example value | | `TypedCount` | Typed Count | 123 | | `IsHidden` | Is Hidden | true | | `TransitionType` | Transition Type | Example value | | `VisitID` | Visit ID | 123 | | `TransitionQualifiers` | Transition Qualifiers | Example value | | `User` | User | Example value | | `Profile` | Profile | Example value | | `HistoryFilePath` | History File Path | Example value | ## Collection Method This collector parses the pre-generated multipathing information file (esx\_multipathing\_info.txt), extracting path details including runtime names, device identifiers, adapter information, plugin types, path states, and transport protocols for each configured storage path. ## Forensic Value Multipath configuration reveals storage topology, adapter relationships, and path states. Analyzing this data helps identify unauthorized storage modifications, detect compromised storage paths, and validate storage security configurations during incident investigations.