# Logged Users

## Overview

**Evidence:** Logged Users\
**Description:** Collect logged user list\
**Category:** Applications\
**Platform:** linux\
**Short Name:** lgdusrs\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

This collector gathers logged users information from the Linux system. This data is essential for understanding user activity, detecting unauthorized access, and investigating authentication events.

## Data Collected

This collector gathers structured data about logged users.

## Collection Method

This collector parses UTMP/WTMP records and records them into the `logged_users` table.

## Forensic Value

This evidence is crucial for forensic investigations as it provides user session information. It helps investigators identify suspicious logins, trace session activities, and assess account misuse.