# File System Enumeration as CSV ## Overview **Evidence:** File System Enumeration as CSV\ **Description:** Dump file and folder information as CSV.\ **Group:** DiskFilesystem\ **Sub Group:** Disk & File System\ **Platform:** linux\ **Short Name:** fsenum\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** No\ **Collect Raw File(s):** No\ **Collect as CSV File:** Yes ## Background File system enumeration provides comprehensive information about files, directories, and file system structure on Unix-like systems. This data is essential for understanding file system state and detecting unauthorized file modifications. ## Data Collected This collector gathers structured data about file system enumeration as csv. ### File System Enumeration as CSV Data | Field | Description | Example | | ------------------ | ----------------- | ------------------------- | | `GroupId` | Group Id | 123 | | `UserId` | User Id | 123 | | `Mode` | Mode | 123 | | `Dev` | Dev | 123 | | `Nlink` | Nlink | 123 | | `Size` | Size | 123 | | `Ino` | Ino | 123 | | `Path` | Path | Example value | | `LastChangeTime` | Last Change Time | 2023-10-15 14:30:25+03:00 | | `AccessTime` | Access Time | 2023-10-15 14:30:25+03:00 | | `ModificationTime` | Modification Time | 2023-10-15 14:30:25+03:00 | ## Collection Method This collector enumerates the file system and records metadata to the `file_system_enumeration` table. ## Forensic Value This evidence is crucial for forensic investigations as it provides file system information. It helps investigators understand file system state, detect unauthorized file modifications, and investigate file-based attacks. The data can reveal file changes, directory structures, and potential file system vulnerabilities.