Evidence: Users
Description: Collect Users
Category: System
Platform: windows
Short Name: users
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Windows user account and profile directories provide context on local users and their home folders. This data is essential for understanding access and detecting unauthorized accounts.
Data Collected
This collector gathers structured data about users.
Collection Method
This collector enumerates local users and profiles, reading directory timestamps for created, accessed, and modified times.
Forensic Value
This evidence is crucial for forensic investigations to identify accounts, profile paths, and timeline of profile activity.
