Logged Users

Overview

Evidence: Logged Users
Description: Collect logged user list
Category: Applications
Platform: linux
Short Name: lgdusrs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers information about logged-in users from the Linux system. This data is essential for understanding user activity, detecting unauthorized access, and investigating authentication events.

Data Collected

This collector gathers structured data about logged users.

Collection Method

This collector parses UTMP/WTMP records and writes them to the logged_users table.
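
To show what parsing UTMP/WTMP records involves, the following added example (not the collector's own code) decodes raw records and pairs logins with logouts on the same terminal line. It assumes the 384-byte glibc struct utmp layout used on x86-64 Linux; the dictionary keys, tuple layout and sample records are constructed for illustration and are not the logged_users table schema.

```python
import struct
from datetime import datetime, timezone

# glibc struct utmp on x86-64 Linux: 384 bytes, little-endian (assumed layout).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values from <utmp.h>

def _text(raw):
    # Fields are NUL-padded and not guaranteed to be NUL-terminated.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(blob):
    """Yield one dict per complete record; a truncated tail is skipped."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        (ut_type, pid, line, _id, user, host,
         _term, _exit, _session, sec, usec, _addr) = UTMP.unpack_from(blob, off)
        yield {"type": ut_type, "pid": pid, "line": _text(line),
               "user": _text(user), "host": _text(host),
               "time": datetime.fromtimestamp(sec, timezone.utc)}

def sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on the same line."""
    open_by_line, out = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            start = open_by_line.pop(r["line"])
            out.append((start["user"], start["line"], start["host"],
                        start["time"], r["time"]))
    # Logins with no logout record: still active, or the logout was never written.
    out += [(r["user"], r["line"], r["host"], r["time"], None)
            for r in open_by_line.values()]
    return out

def _rec(ut_type, pid, line, user, host, sec):
    # Helper that builds a constructed sample record for the demo below.
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, sec, 0, b"")

# Constructed sample data: two logins, one logout, and 10 stray trailing bytes.
SAMPLE = (_rec(USER_PROCESS, 1201, b"pts/0", b"alice", b"203.0.113.7", 1700000000)
          + _rec(USER_PROCESS, 1310, b"pts/1", b"bob", b"198.51.100.9", 1700000300)
          + _rec(DEAD_PROCESS, 1201, b"pts/0", b"", b"", 1700003600)
          + b"\0" * 10)

if __name__ == "__main__":
    for user, line, host, start, end in sessions(parse_utmp(SAMPLE)):
        print(user, line, host, start.isoformat(), end.isoformat() if end else "no logout record")
```

A login with no matching logout record is reported with an end time of None, so an investigator can tell an active session apart from a closed one.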

Forensic Value

This evidence is crucial for forensic investigations as it provides user session information. It helps investigators identify suspicious logins, trace session activities, and assess account misuse.
