File System Enumeration

Overview

Evidence: File System Enumeration
Description: Dump file and folder information.
Category: DiskFilesystem
Platform: macos
Short Name: fsenum
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

File system enumeration provides comprehensive information about files, directories, and file system structure on Unix-like systems. This data is essential for understanding file system state and detecting unauthorized file modifications.

Data Collected

This collector gathers structured metadata for each file and folder it enumerates.

File System Enumeration Data

| Field | Description | Example |
| --- | --- | --- |
| GroupId | Group Id | 123 |
| UserId | User Id | 123 |
| Mode | Mode | 123 |
| Dev | Dev | 123 |
| Nlink | Nlink | 123 |
| Size | Size | 123 |
| Ino | Ino | 123 |
| Path | Path | Example value |
| LastChangeTime | Last Change Time | 2023-10-15 14:30:25+03:00 |
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| ModificationTime | Modification Time | 2023-10-15 14:30:25+03:00 |

Collection Method

This collector enumerates the file system and records metadata to the file_system_enumeration table.

Forensic Value

This evidence gives investigators a record of file system state. It helps them detect unauthorized file modifications and investigate file-based attacks, and it can reveal file changes, directory structures, and potential file system vulnerabilities.
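A triage pass over rows exported from the file_system_enumeration table, shown here as an added example rather than the product's own code. It assumes Mode holds the raw st_mode integer and that rows arrive as dictionaries keyed by the field names above; the sample rows and paths are constructed.

```python
import stat
from datetime import datetime

# Constructed sample records using the field names from the table above.
# Assumption: Mode is the raw st_mode integer (file type + permission bits).
T = "2023-10-15 14:30:25+03:00"
SAMPLE_ROWS = [
    {"Path": "/Users/Shared/example/helper", "Mode": 0o104755,
     "LastChangeTime": T, "ModificationTime": T},
    {"Path": "/Users/Shared/example/notes.txt", "Mode": 0o100666,
     "LastChangeTime": T, "ModificationTime": T},
    {"Path": "/Users/Shared/example/drop", "Mode": 0o040777,
     "LastChangeTime": T, "ModificationTime": T},
    {"Path": "/private/tmp", "Mode": 0o041777,
     "LastChangeTime": T, "ModificationTime": T},
    {"Path": "/Users/Shared/example/report.pdf", "Mode": 0o100644,
     "LastChangeTime": T, "ModificationTime": "2023-10-16 09:00:00+03:00"},
]

def triage(row):
    """Return review flags for one enumeration record."""
    flags = []
    mode = int(row["Mode"])
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            flags.append("setuid")
        if mode & stat.S_ISGID:
            flags.append("setgid")
        if mode & stat.S_IWOTH:
            flags.append("world-writable")
    elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        # Without the sticky bit, any user can replace other users' files here.
        flags.append("world-writable-dir-no-sticky")
    changed = datetime.fromisoformat(row["LastChangeTime"])
    modified = datetime.fromisoformat(row["ModificationTime"])
    # A content write sets both timestamps, so mtime later than ctime means
    # mtime was set explicitly or the system clock moved.
    if modified > changed:
        flags.append("mtime-after-ctime")
    return flags

def triage_all(rows):
    """Map Path -> flags for every record that raised at least one flag."""
    findings = {}
    for row in rows:
        flags = triage(row)
        if flags:
            findings[row["Path"]] = flags
    return findings
```

Each flag is a lead for review, not a verdict: compare flagged paths against a known-good baseline for the same OS build before treating them as unauthorized changes.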
