Back to binalyze.com

Multipathing Info

Overview

Evidence: Multipathing Info Description: ESXi Multipathing Info Category: DiskFilesystem Platform: esxi Short Name: mpathinfo Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

ESXi multipathing provides redundant storage connectivity by maintaining multiple paths between the host and storage devices. This configuration is critical for high availability and helps identify storage-related security events and misconfigurations.

Data Collected

This collector gathers structured data about multipathing info.

Multipathing Info Data

Field
Description
Example

AccessTime

Access Time

2023-10-15 14:30:25+03:00

AccessCount

Access Count

123

URL

URL

Example value

Browser

Browser

Example value

Title

Title

Example value

VisitDuration

Visit Duration

Example value

Referrer

Referrer

Example value

TypedCount

Typed Count

123

IsHidden

Is Hidden

true

TransitionType

Transition Type

Example value

VisitID

Visit ID

123

TransitionQualifiers

Transition Qualifiers

Example value

User

User

Example value

Profile

Profile

Example value

HistoryFilePath

History File Path

Example value

Collection Method

This collector parses the pre-generated multipathing information file (esx_multipathing_info.txt), extracting path details including runtime names, device identifiers, adapter information, plugin types, path states, and transport protocols for each configured storage path.

Forensic Value

Multipath configuration reveals storage topology, adapter relationships, and path states. Analyzing this data helps identify unauthorized storage modifications, detect compromised storage paths, and validate storage security configurations during incident investigations.

PreviousModule ListNextNetworks

Last updated

Was this helpful?