Process Open Files
Overview
Evidence: Process Open Files
Description: Collect process open files information
Category: System
Platform: linux
Short Name: popenf
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers process open files information from the Linux system. This data is essential for understanding process activity, detecting suspicious file access, and investigating process-based security incidents.
Data Collected
This collector gathers structured data about process open files.
Collection Method
This collector parses the file descriptor information of each running process and records one row per open descriptor into the process_open_files table.
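The following is an added illustration of the kind of parsing described above; it is not the collector's own code. It assumes the Linux procfs layout, where each descriptor of a process appears as a symlink under /proc/<pid>/fd whose target names the open file, socket, pipe or anonymous inode, and where a file unlinked while still open shows a " (deleted)" suffix. The walk is run against a constructed stand-in tree (hypothetical PIDs, names and paths) so it executes without root and off a live host; the record layout and the `suspicious` filter are illustrative, not the real table schema.

```python
import os
import tempfile
from pathlib import Path


def classify(target: str) -> str:
    """Map a resolved fd link target to a coarse kind, as a parser would
    before writing a row to a table such as process_open_files."""
    if target.endswith(" (deleted)"):
        return "deleted"        # file unlinked while still open
    if target.startswith("socket:"):
        return "socket"
    if target.startswith("pipe:"):
        return "pipe"
    if target.startswith("anon_inode:"):
        return "anon_inode"     # eventfd, epoll, timerfd, ...
    return "file"


def collect_open_files(proc_root="/proc"):
    """Walk <proc_root>/<pid>/fd and return one record per open descriptor.

    On a live system use the default /proc; reading another user's fd
    directory requires root (or the same uid as the target process).
    """
    records = []
    for pid_dir in sorted(Path(proc_root).iterdir(), key=lambda p: p.name):
        if not pid_dir.name.isdigit():
            continue            # skip self, sys, meminfo, ...
        pid = int(pid_dir.name)
        try:
            comm = (pid_dir / "comm").read_text().strip()
        except OSError:
            comm = ""
        try:
            fds = os.listdir(pid_dir / "fd")
        except OSError:
            continue            # process exited, or no permission
        for fd in sorted(fds, key=int):
            try:
                target = os.readlink(pid_dir / "fd" / fd)
            except OSError:
                continue        # descriptor closed between listdir and readlink
            records.append({
                "pid": pid,
                "comm": comm,
                "fd": int(fd),
                "path": target,
                "kind": classify(target),
            })
    return records


def build_sample_proc(base=None) -> str:
    """Constructed stand-in for /proc (sample data, not captured from a host)."""
    base = base or tempfile.mkdtemp()
    layout = {
        "1234": ("sshd", {"0": "/dev/null", "3": "socket:[48213]",
                          "4": "/tmp/dropped.bin (deleted)"}),
        "5678": ("bash", {"0": "/dev/pts/0", "1": "pipe:[9901]"}),
    }
    for pid, (comm, fds) in layout.items():
        fd_dir = Path(base) / pid / "fd"
        fd_dir.mkdir(parents=True)
        (Path(base) / pid / "comm").write_text(comm + "\n")
        for fd, target in fds.items():
            os.symlink(target, fd_dir / fd)     # dangling links are fine here
    (Path(base) / "self").mkdir()               # non-numeric entry to skip
    return base


def suspicious(records):
    """Records worth an analyst's attention: files deleted while still open."""
    return [r for r in records if r["kind"] == "deleted"]


if __name__ == "__main__":
    root = build_sample_proc()
    recs = collect_open_files(root)
    for r in recs:
        print(r)
    print("deleted-but-open:", suspicious(recs))
```

The "deleted" kind is the one reviewers usually look at first: a process holding a descriptor to an unlinked file is a common sign of a binary or staging file removed from disk to evade a file-system scan, and the content is still recoverable through /proc/<pid>/fd/<n> while the process lives.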
Forensic Value
This evidence is crucial for forensic investigations as it reveals files accessed by processes, helping detect data exfiltration, malware behavior, and unauthorized access.