Evidence: Last Access
Description: Collect last access records
Category: Applications
Platform: linux
Short Name: lastacs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers last access information from the Linux system. This data is essential for understanding user activity, detecting unauthorized access, and investigating authentication events.
Data Collected
This collector gathers structured data about last access.
Collection Method
This collector parses UTMP/WTMP records and stores them in the last_access table.
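To show what parsing UTMP/WTMP records involves, here is an added example (not the collector's own code) that decodes raw records and pairs logins with logouts into session rows. It assumes the 384-byte glibc struct utmp layout used on x86-64 Linux; the row keys, the helper names and the sample records are constructed for illustration and are not the last_access table's schema.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")  # NUL-padded field

def parse_records(blob):
    """Yield a dict per complete record; a truncated tail is skipped."""
    for off in range(0, len(blob) - len(blob) % UTMP.size, UTMP.size):
        f = UTMP.unpack_from(blob, off)  # f[9] is tv_sec
        yield {"type": f[0], "pid": f[1], "line": _text(f[2]), "user": _text(f[4]),
               "host": _text(f[5]), "time": datetime.fromtimestamp(f[9], timezone.utc)}

def sessions(blob):
    """Pair logins with logouts per terminal line, similar to last(1); row keys are hypothetical."""
    open_by_line, rows = {}, []
    def close(line, when, how):
        rec = open_by_line.pop(line)
        rows.append({"user": rec["user"], "line": line, "host": rec["host"],
                     "login": rec["time"], "logout": when, "end": how})
    for rec in parse_records(blob):
        if rec["type"] == USER_PROCESS:
            if rec["line"] in open_by_line:   # line reused with no logout record
                close(rec["line"], None, "unknown")
            open_by_line[rec["line"]] = rec
        elif rec["type"] == DEAD_PROCESS and rec["line"] in open_by_line:
            close(rec["line"], rec["time"], "logout")
        elif rec["type"] == BOOT_TIME:        # a reboot ends every open session
            for line in list(open_by_line):
                close(line, rec["time"], "reboot")
    for line in list(open_by_line):           # still logged in at collection time
        close(line, None, "open")
    return rows

def make_record(typ, pid, line, user, host, sec):  # helper for the sample only
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, sec, 0, b"", b"")

# Constructed sample, not from a real system; the last two bytes are a truncated record.
SAMPLE = b"".join([
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "198.51.100.7", 1700000000),
    make_record(USER_PROCESS, 1350, "pts/1", "bob", "203.0.113.9", 1700000300),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1700000600),
    make_record(BOOT_TIME, 0, "~", "reboot", "", 1700000900),
]) + b"\x07\x00"
```

Sessions with no logout record are worth a second look during review: in this example they are marked "reboot", "unknown" or "open" rather than silently dropped.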
Forensic Value
This evidence is crucial for forensic investigations as it provides session activity details including logins and logouts, helping trace user behaviors and identify anomalies.