Last Access

Overview

Evidence: Last Access
Description: Collect last access records
Category: Applications
Platform: linux
Short Name: lastacs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers last access information from the Linux system. This data is essential for understanding user activity, detecting unauthorized access, and investigating authentication events.

Data Collected

This collector gathers structured data about last access.

Collection Method

This collector parses UTMP/WTMP records and stores them in the last_access table.
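
The sketch below is an added illustration of what parsing UTMP/WTMP records involves; it is not the collector's code. It assumes the 384-byte glibc `struct utmp` layout used on Linux x86-64, the row field names are hypothetical rather than the actual last_access schema, and the sample records are constructed.

```python
import struct
from datetime import datetime, timezone

# glibc struct utmp on Linux x86-64: 384 bytes per record (assumed layout).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8

def _s(raw):
    # Fixed-width char fields are NUL-padded, not always NUL-terminated.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def _ts(sec):
    return datetime.fromtimestamp(sec, timezone.utc).isoformat()

def parse_sessions(blob):
    """Pair login and logout records per terminal line into session rows."""
    open_by_line, rows = {}, []
    usable = len(blob) - len(blob) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        typ, pid, line, _id, user, host, _t, _e, _sess, sec, _usec, _addr = \
            UTMP.unpack_from(blob, off)
        line = _s(line)
        if typ == USER_PROCESS:
            row = {"user": _s(user), "line": line, "host": _s(host),
                   "pid": pid, "login": _ts(sec), "logout": None}
            open_by_line[line] = row
            rows.append(row)
        elif typ == DEAD_PROCESS and line in open_by_line:
            open_by_line.pop(line)["logout"] = _ts(sec)
        elif typ == BOOT_TIME:
            # A reboot ends every session still open; no logout was written.
            for row in open_by_line.values():
                row["logout"] = "reboot " + _ts(sec)
            open_by_line.clear()
    return rows

def make_record(typ, pid, line, user, host, sec):
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")

SAMPLE = b"".join([
    make_record(BOOT_TIME, 0, "~", "reboot", "", 1700000000),
    make_record(USER_PROCESS, 812, "pts/0", "alice", "192.0.2.10", 1700000100),
    make_record(USER_PROCESS, 901, "pts/1", "bob", "192.0.2.44", 1700000200),
    make_record(DEAD_PROCESS, 812, "pts/0", "", "", 1700000400),
    make_record(BOOT_TIME, 0, "~", "reboot", "", 1700000900),
]) + b"\x00" * 17  # constructed sample records plus a truncated tail

if __name__ == "__main__":
    print(*parse_sessions(SAMPLE), sep="\n")
```

A session whose logout field stays empty, or is closed only by a reboot record, has no matching DEAD_PROCESS entry in the file.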

Forensic Value

This evidence is crucial for forensic investigations: it provides session activity details, including logins and logouts, that help trace user behavior and identify anomalies.
