Shadow

Overview

Evidence: Shadow
Description: Collect shadow content
Category: Applications
Platform: linux
Short Name: shadow
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

The Linux /etc/shadow file contains each account's password hash and its password-aging settings (minimum and maximum password age, warning period, inactivity grace period and account expiration date). This data is essential for understanding password policies, detecting password-based attacks, and investigating authentication security incidents.

Data Collected

This collector gathers structured data from the /etc/shadow file.

Shadow Data

Field | Description | Example
----- | ----------- | -------
Username | Account name (first field of the shadow entry) | Example value
Expire | Account expiration date, in days since 1970-01-01 | 123
Inactive | Days after password expiry before the account is disabled | 123
LastChange | Date of the last password change, in days since 1970-01-01 | 123
Max | Maximum number of days the password remains valid | 123
Min | Minimum number of days between password changes | 123
PasswordStatus | Status derived from the password field | Example value
Warning | Days before password expiry that the user is warned | 123

Collection Method

This collector parses the necessary data from the /etc/shadow file and records data into the shadow table.

Forensic Value

This evidence is crucial for forensic investigations as it provides password and authentication information. It helps investigators understand password policies, detect password-based attacks, and investigate authentication security incidents.
