Environment Variables
Overview
Evidence: Environment Variables
Description: Enumerate Environment Variables
Category: System
Platform: windows
Short Name: envvars
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Environment variables influence process behavior and can be abused for persistence or evasion. This data is essential for auditing both process-scoped and registry-scoped variables.
Data Collected
This collector gathers structured data about environment variables.
Collection Method
This collector queries the current process environment and reads system and user environment values from the registry across registry views and SIDs.
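The same three sources can be read by hand when validating collected data. The PowerShell below is an added example, not the collector's own code; the registry paths are the standard Windows locations for machine and user environment values and are an assumption, since this page does not name them, and `Read-EnvKey` and `Get-EnvVarInventory` are hypothetical helper names.

```powershell
# Added example: inventory environment variables by scope, registry view and SID.
# Assumed paths (standard Windows locations, not named on this page):
$machineKey = 'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$userKeys   = 'Environment', 'Volatile Environment'
$views      = [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32

function Read-EnvKey {
    param($Hive, $View, [string]$SubKey, [string]$Scope, [string]$Sid)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View)
    try {
        $key = $base.OpenSubKey($SubKey)   # read-only; $null when the key is absent
        if ($null -eq $key) { return }
        try {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Scope = $Scope; View = "$View"; Sid = $Sid; Name = $name
                    # Keep %VAR% references unexpanded so the stored value is what gets reviewed
                    Value = $key.GetValue($name, $null,
                        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                }
            }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

function Get-EnvVarInventory {
    # 1. Environment block of the current process
    foreach ($e in [Environment]::GetEnvironmentVariables().GetEnumerator()) {
        [pscustomobject]@{ Scope = 'Process'; View = ''; Sid = ''; Name = $e.Key; Value = $e.Value }
    }
    foreach ($view in $views) {
        # 2. Machine-wide values
        Read-EnvKey ([Microsoft.Win32.RegistryHive]::LocalMachine) $view $machineKey 'Machine' ''
        # 3. Per-user values; only hives currently loaded under HKEY_USERS are visible
        $users = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::Users, $view)
        try {
            $sids = $users.GetSubKeyNames() | Where-Object { $_ -notlike '*_Classes' }
        } finally { $users.Dispose() }
        foreach ($sid in $sids) {
            foreach ($k in $userKeys) {
                Read-EnvKey ([Microsoft.Win32.RegistryHive]::Users) $view "$sid\$k" 'User' $sid
            }
        }
    }
}

Get-EnvVarInventory | Sort-Object Scope, Sid, Name, View | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so every loaded user hive is readable; accounts that are not logged on have no hive under HKEY_USERS and will not appear.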
Forensic Value
This evidence is crucial in forensic investigations for detecting suspicious variables, altered paths, and injected configuration.

