# Processes ## Overview **Evidence:** Processes\ **Description:** Collect process list\ **Category:** System\ **Platform:** linux\ **Short Name:** process\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** Yes\ **Collect File(s):** No ## Background Process information on AIX systems provides detailed records of running processes, their attributes, and system resource usage. This data is essential for understanding system activity, detecting malicious processes, and investigating process-related security incidents. AIX process information includes process IDs, command lines, resource usage, and execution context. ## Data Collected This collector gathers structured data about processes. ### Processes Data | Field | Description | Example | | --------------------- | --------------------- | ------------------------- | | `CWD` | CWD | Example value | | `ChildrenMajorFaults` | Children Major Faults | 123 | | `ChildrenMinorFaults` | Children Minor Faults | 123 | | `Command` | Command | Example value | | `CommandLine` | Command Line | Example value | | `EffectiveGroupId` | Effective Group Id | 123 | | `EffectiveUserId` | Effective User Id | 123 | | `EffectiveUserName` | Effective User Name | Example value | | `Environment` | Environment | Example value | | `Executable` | Executable | Example value | | `IsExecutableExists` | Is Executable Exists | true | | `Hash` | Hash | Example value | | `FileDescriptors` | File Descriptors | Example value | | `Flags` | Flags | 123 | | `GroupId` | Group Id | 123 | | `MajorFaults` | Major Faults | 123 | | `Maps` | Maps | \[] | | `MinorFaults` | Minor Faults | 123 | | `Nice` | Nice | 123 | | `ParentId` | Parent Id | 123 | | `Priority` | Priority | 123 | | `ProcessId` | Process Id | 123 | | `RealGroupId` | Real Group Id | 123 | | `RealUserId` | Real User Id | 123 | | `ResidentSize` | Resident Size | 123 | | `SavedGroupId` | Saved Group Id | 123 | | `SavedUserId` | Saved User Id | 123 | | `SessionId` | Session Id | 123 | | `State` | State | Example value | | `Threads` | Threads | 123 | | `TpgId` | Tpg Id | 123 | | `TtyNr` | Tty Nr | 123 | | `RealUserName` | Real User Name | Example value | | `SavedUserName` | Saved User Name | Example value | | `VMSize` | VM Size | 123 | | `CSTime` | CS Time | 123 | | `CUTime` | CU Time | 123 | | `SystemTime` | System Time | 123 | | `StartTime` | Start Time | 123 | | `StartDateTime` | Start Date Time | 2023-10-15 14:30:25+03:00 | | `UserTime` | User Time | 123 | ## Collection Method This collector parses the necessary data from system process information and file system. ## Forensic Value This evidence is crucial for forensic investigations as it provides comprehensive process information for AIX systems. It helps investigators understand system activity, detect malicious processes, and investigate process-related attacks. The data can reveal running applications, resource usage patterns, and execution context. Analysts can use this information to identify suspicious processes, trace process relationships, and assess AIX system security posture.