Mounts

Overview

Evidence: Mounts Description: Collect mounts Category: DiskFilesystem Platform: linux Short Name: mounts Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Mount information on AIX systems provides details about mounted file systems, storage devices, and network shares. This data is essential for understanding system storage configuration, detecting unauthorized mounts, and investigating storage-related security incidents. Mount information includes file system types, mount points, device information, and access permissions.

Data Collected

This collector gathers structured data about mounts.

Collection Method

This collector parses the necessary data from system mount information.

Forensic Value

This evidence is crucial for forensic investigations as it provides information about mounted file systems and storage configuration on AIX systems. It helps investigators understand storage layout, detect unauthorized mounts, and investigate storage-related attacks. The data can reveal file system types, mount points, device information, and access patterns. Analysts can use this information to identify suspicious mounts, trace storage access, and assess AIX system security posture.