Processes

Overview

Evidence: Processes
Description: Collect process list
Category: System
Platform: linux
Short Name: process
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Process information on Linux systems provides a detailed record of every running process, its attributes and its resource usage, taken from the kernel's per-process view under /proc. This data is essential for understanding system activity, detecting malicious processes and investigating process-related security incidents. Each collected record includes the process and parent IDs, the command name and full command line, the real, effective and saved user and group IDs, the executable path and its hash, the working directory, the environment, open file descriptors, memory mappings, CPU and page-fault counters and the start time.

Data Collected

This collector gathers structured data about processes.

Processes Data

Field                  Description                                                      Example
CWD                    Current working directory of the process                         Example value
ChildrenMajorFaults    Major page faults of the process's waited-for children           123
ChildrenMinorFaults    Minor page faults of the process's waited-for children           123
Command                Process (command) name                                           Example value
CommandLine            Full command line including arguments                            Example value
EffectiveGroupId       Effective group ID                                               123
EffectiveUserId        Effective user ID                                                123
EffectiveUserName      User name resolved from the effective user ID                    Example value
Environment            Environment variables of the process                             Example value
Executable             Path of the executable image                                     Example value
IsExecutableExists     Whether the executable still exists on disk                      true
Hash                   Hash of the executable file                                      Example value
FileDescriptors        Open file descriptors                                            Example value
Flags                  Kernel process flags                                             123
GroupId                Group ID                                                         123
MajorFaults            Major page faults (page had to be loaded from disk)              123
Maps                   Memory mappings                                                  []
MinorFaults            Minor page faults (served without disk I/O)                      123
Nice                   Nice value                                                       123
ParentId               Parent process ID                                                123
Priority               Scheduling priority                                              123
ProcessId              Process ID                                                       123
RealGroupId            Real group ID                                                    123
RealUserId             Real user ID                                                     123
ResidentSize           Resident set size                                                123
SavedGroupId           Saved set-group-ID                                               123
SavedUserId            Saved set-user-ID                                                123
SessionId              Session ID                                                       123
State                  Process state (running, sleeping, stopped, zombie, ...)          Example value
Threads                Number of threads                                                123
TpgId                  Foreground process group ID of the controlling terminal          123
TtyNr                  Controlling terminal number                                      123
RealUserName           User name resolved from the real user ID                         Example value
SavedUserName          User name resolved from the saved user ID                        Example value
VMSize                 Virtual memory size                                              123
CSTime                 Kernel-mode CPU time of waited-for children                      123
CUTime                 User-mode CPU time of waited-for children                        123
SystemTime             CPU time spent in kernel mode                                    123
StartTime              Start time as reported by the kernel (clock ticks since boot)    123
StartDateTime          Start time as a timezone-aware date and time                     2023-10-15 14:30:25+03:00
UserTime               CPU time spent in user mode                                      123

Collection Method

This collector parses the necessary data from the system's process information, which on Linux means the per-process entries under /proc (stat, status, cmdline, environ, cwd, exe, fd and maps), and from the file system, which is needed to check whether the executable still exists on disk and to hash it.
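The following is an added example, not the collector's own code, showing how the per-process /proc entries map onto the field names in the table above. It builds a small constructed /proc tree in a temporary directory (two fake processes, one with a setuid privilege gain and one whose binary was unlinked after exec) so it runs offline; the CLK_TCK value, the sample paths and the sample contents are assumptions, and a live collector would read the real /proc and os.sysconf("SC_CLK_TCK") instead.

```python
"""Added example (not the collector's own code): parse Linux /proc entries into the
field names of the Processes table, run offline against a constructed /proc tree."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CLK_TCK = 100  # assumption for the sample; a live collector uses os.sysconf("SC_CLK_TCK")

# /proc/[pid]/stat fields after the ")" that closes comm, in proc(5) order.
# Names starting with "_" are not in the Processes table and are skipped.
STAT_FIELDS = ["State", "ParentId", "_pgrp", "SessionId", "TtyNr", "TpgId", "Flags",
               "MinorFaults", "ChildrenMinorFaults", "MajorFaults", "ChildrenMajorFaults",
               "UserTime", "SystemTime", "CUTime", "CSTime", "Priority", "Nice", "Threads",
               "_itrealvalue", "StartTime", "VMSize", "ResidentSize"]  # ResidentSize is in pages

def read_file(path, binary=False):
    with open(path, "rb" if binary else "r") as f:
        return f.read()

def parse_stat(text):
    # comm is parenthesised and may itself contain spaces or ")", so split on the LAST ")"
    lpar, rpar = text.index("("), text.rindex(")")
    rec = {"Command": text[lpar + 1:rpar]}
    for name, raw in zip(STAT_FIELDS, text[rpar + 1:].split()):
        if not name.startswith("_"):
            rec[name] = raw if name == "State" else int(raw)
    return rec

def parse_status(text):
    # Uid:/Gid: lines list real, effective, saved and filesystem ids, in that order
    rec = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("Uid", "Gid"):
            kind = "User" if key == "Uid" else "Group"
            for prefix, raw in zip(("Real", "Effective", "Saved"), value.split()):
                rec[f"{prefix}{kind}Id"] = int(raw)
    return rec

def read_nul_list(path):
    # cmdline and environ are NUL-separated, with a trailing NUL
    return [s.decode("utf-8", "replace") for s in read_file(path, binary=True).split(b"\x00") if s]

def boot_time(proc_root):
    line = next(l for l in read_file(os.path.join(proc_root, "stat")).splitlines() if l.startswith("btime "))
    return int(line.split()[1])

def collect_process(proc_root, pid, clk_tck=CLK_TCK):
    p = os.path.join(proc_root, str(pid))
    rec = {"ProcessId": pid}
    rec.update(parse_stat(read_file(os.path.join(p, "stat"))))
    rec.update(parse_status(read_file(os.path.join(p, "status"))))
    rec["CommandLine"] = " ".join(read_nul_list(os.path.join(p, "cmdline")))
    rec["Environment"] = read_nul_list(os.path.join(p, "environ"))
    rec["CWD"] = os.readlink(os.path.join(p, "cwd"))
    exe = os.path.join(p, "exe")  # on a live host another user's exe/cwd/fd links need root or CAP_SYS_PTRACE
    rec["Executable"] = os.readlink(exe)
    # the kernel appends " (deleted)" once the binary is unlinked; the link then resolves to nothing on disk
    rec["IsExecutableExists"] = os.path.exists(exe) and not rec["Executable"].endswith(" (deleted)")
    rec["Hash"] = hashlib.sha256(read_file(exe, binary=True)).hexdigest() if rec["IsExecutableExists"] else None
    fd_dir = os.path.join(p, "fd")
    rec["FileDescriptors"] = {n: os.readlink(os.path.join(fd_dir, n)) for n in sorted(os.listdir(fd_dir), key=int)}
    # StartTime is clock ticks since boot; anchoring it to btime from /proc/stat gives wall-clock time
    start = boot_time(proc_root) + rec["StartTime"] / clk_tck
    rec["StartDateTime"] = datetime.fromtimestamp(start, tz=timezone.utc).isoformat(sep=" ")
    return rec

def build_sample_proc(root):
    """Constructed /proc tree for the example (not captured from a real host)."""
    bindir, tmp = os.path.join(root, "opt", "bin"), os.path.join(root, "tmp")
    for d in (bindir, tmp, os.path.join(root, "4242", "fd"), os.path.join(root, "4243", "fd")):
        os.makedirs(d)
    files = {"stat": "cpu  1 2 3 4 5 6 7 0 0 0\nbtime 1697369000\n",
             "opt/bin/svc": "#!/bin/sh\necho constructed sample binary\n"}
    # 4242: comm containing a space and ")", real uid 1000 but effective uid 0 (setuid binary)
    # 4243: binary unlinked after exec, working directory under /tmp
    procs = {4242: ("my (svc)", "1000\t0\t0\t0", os.path.join(bindir, "svc"), bindir),
             4243: ("x", "1000\t1000\t1000\t1000", os.path.join(tmp, "x (deleted)"), tmp)}
    for pid, (comm, ids, exe_target, cwd) in procs.items():
        files[f"{pid}/stat"] = f"{pid} ({comm}) S 1 {pid} {pid} 0 -1 4194304 350 12 2 0 15 7 1 0 20 0 3 0 42500 12345678 512 0\n"
        files[f"{pid}/status"] = f"Name:\t{comm}\nUid:\t{ids}\nGid:\t{ids}\n"
        files[f"{pid}/cmdline"] = "/opt/bin/svc\x00--port\x008080\x00"
        files[f"{pid}/environ"] = "PATH=/usr/bin\x00HOME=/root\x00"
        os.symlink(exe_target, os.path.join(root, str(pid), "exe"))
        os.symlink(cwd, os.path.join(root, str(pid), "cwd"))
        os.symlink("/dev/null", os.path.join(root, str(pid), "fd", "0"))
        os.symlink("socket:[12345]", os.path.join(root, str(pid), "fd", "3"))
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w") as f:
            f.write(content)

def collect_sample():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return {pid: collect_process(root, pid) for pid in (4242, 4243)}

if __name__ == "__main__":
    for pid, rec in collect_sample().items():
        print(pid, rec["Command"], rec["RealUserId"], rec["EffectiveUserId"],
              rec["IsExecutableExists"], rec["Hash"], rec["StartDateTime"])
```

Two details matter for the fields in the table: the comm value in stat must be split on the last closing parenthesis, because a process name may itself contain spaces and parentheses, and IsExecutableExists follows from the exe link no longer resolving once the kernel has marked it " (deleted)", which is also why Hash is unavailable for such a process.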

Forensic Value

This evidence is crucial for forensic investigations because it provides a comprehensive snapshot of the processes on a Linux system. It helps investigators understand system activity, detect malicious processes and investigate process-related attacks. The data reveals running applications, resource usage patterns and execution context. In practice the fields combine into concrete cues: an Executable that no longer exists on disk (IsExecutableExists false) points to a binary unlinked after launch; a Command that does not match the Executable suggests a renamed or masquerading process; an EffectiveUserId of 0 with a non-root RealUserId marks a privilege gain; ParentId chains expose unexpected relationships such as a shell spawned by a network service; and a CWD or Executable under a temporary directory, or an unusual TtyNr or SessionId, marks processes that deserve a closer look. Analysts can use this information to identify suspicious processes, trace process relationships and assess the system's security posture.
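The following is an added example, not part of the product, of triage rules and parent-chain tracing run over records with the field names of the Processes table. The records are constructed for the example, and the path prefixes, shell names and service names used by the rules are assumptions an analyst would tune to the environment.

```python
"""Added example (not the product's own analytics): triage rules and ancestry tracing over
Processes records. Records, path lists and service lists are constructed assumptions."""
import os
import re

SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")           # assumption: common drop locations
SYSTEM_DIRS = ("/usr/", "/bin/", "/sbin/")                       # assumption: where setuid binaries belong
SHELLS = {"sh", "bash", "dash", "zsh"}
NETWORK_SERVICES = {"nginx", "apache2", "httpd", "sshd"}         # assumption: services that should not spawn shells
KERNEL_THREAD_RE = re.compile(r"^(kworker|ksoftirqd|kthreadd|migration)")

def ancestry(procs, pid):
    """Return [pid, parent, grandparent, ...] by following ParentId until it leaves the snapshot or loops."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        chain.append(pid)
        seen.add(pid)
        pid = procs[pid]["ParentId"]
    return chain

def triage(records):
    procs = {r["ProcessId"]: r for r in records}
    findings = {}
    for pid, r in procs.items():
        hits = []
        exe = r.get("Executable") or ""      # kernel threads have no executable at all
        if exe and not r.get("IsExecutableExists", True):
            hits.append("executable deleted from disk (memory-resident binary)")
        if exe.startswith(SUSPICIOUS_DIRS) or (r.get("CWD") or "").startswith(SUSPICIOUS_DIRS):
            hits.append("executable or working directory under a temp/shared-memory path")
        base = os.path.basename(exe.replace(" (deleted)", ""))
        if exe and r["Command"] != base[:15]:  # comm is truncated to 15 characters by the kernel
            hits.append(f"process name {r['Command']!r} does not match executable {base!r}")
        if exe and KERNEL_THREAD_RE.match(r["Command"]):
            hits.append("kernel-thread name on a process that has a userland executable")
        if r["EffectiveUserId"] == 0 and r["RealUserId"] != 0 and not exe.startswith(SYSTEM_DIRS):
            hits.append("effective root with non-root real uid from a non-system path")
        if r["Command"] in SHELLS:
            parents = [procs[p]["Command"] for p in ancestry(procs, pid)[1:]]
            service = next((c for c in parents if c in NETWORK_SERVICES), None)
            if service:
                hits.append(f"shell descended from network service {service!r}")
        if hits:
            findings[pid] = hits
    return findings

# Constructed records (not from a real host): an nginx worker spawning a shell, which in turn
# runs a deleted /tmp binary masquerading as a kernel worker thread with an effective uid of 0.
SAMPLE_RECORDS = [
    dict(ProcessId=1, ParentId=0, Command="systemd", Executable="/usr/lib/systemd/systemd",
         IsExecutableExists=True, CWD="/", RealUserId=0, EffectiveUserId=0),
    dict(ProcessId=12, ParentId=2, Command="kworker/0:1", Executable="",
         IsExecutableExists=False, CWD="/", RealUserId=0, EffectiveUserId=0),
    dict(ProcessId=800, ParentId=1, Command="nginx", Executable="/usr/sbin/nginx",
         IsExecutableExists=True, CWD="/", RealUserId=0, EffectiveUserId=0),
    dict(ProcessId=801, ParentId=800, Command="nginx", Executable="/usr/sbin/nginx",
         IsExecutableExists=True, CWD="/", RealUserId=33, EffectiveUserId=33),
    dict(ProcessId=2222, ParentId=801, Command="sh", Executable="/usr/bin/sh",
         IsExecutableExists=True, CWD="/var/www", RealUserId=33, EffectiveUserId=33),
    dict(ProcessId=2223, ParentId=2222, Command="kworker/1:0", Executable="/tmp/.x/kworker (deleted)",
         IsExecutableExists=False, CWD="/tmp/.x", RealUserId=33, EffectiveUserId=0),
]

if __name__ == "__main__":
    procs = {r["ProcessId"]: r for r in SAMPLE_RECORDS}
    for pid, hits in triage(SAMPLE_RECORDS).items():
        print(pid, "->", " <- ".join(procs[p]["Command"] for p in ancestry(procs, pid)))
        for h in hits:
            print("   ", h)
```

The genuine kernel thread (pid 12) is not flagged because it has no Executable at all, which is the property the masquerading process lacks. The name-mismatch rule is a weak signal on its own: a shell started as /bin/sh on a system where that is a symlink reports Command "sh" but Executable "/usr/bin/dash", so treat it as corroboration for the other rules rather than a finding by itself.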
