Users

Overview

Evidence: User Information Description: Collect user list Category: Users Platform: AIX Short Name: users Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

User information on AIX systems provides details about system users, their accounts, and access configurations. This data is essential for understanding system access, detecting unauthorized accounts, and investigating user-related security incidents. AIX user information includes user IDs, group memberships, home directories, and shell configurations.

Data Collected

This collector gathers structured data about users.

Users Data

Collection Method

This collector parses the necessary data from the /etc/passwd file.

Usage

This evidence is crucial for forensic investigations as it provides information about system users and their configurations on AIX systems. It helps investigators understand user accounts, detect unauthorized access, and investigate user-related attacks. The data can reveal user privileges, group memberships, and access patterns. Analysts can use this information to identify suspicious accounts, trace user activities, and assess AIX system security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.