Users

Overview

Evidence: Users
Description: Collect Users
Category: Users
Platform: Windows
Short Name: users
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Windows user information provides details about user accounts, profiles, and access rights on the system. This data is essential for understanding system access and detecting unauthorized accounts.

Data Collected

This collector gathers structured data about users.

Users Data

| Field | Description | Example |
| --- | --- | --- |
| ID | Primary key (auto-increment) | 1 |
| Name | Username | Administrator |
| Directory | User profile directory | C:\Users\Administrator |
| ModifiedTime | Last modified time | 2023-10-15 14:30:25 |
| AcessedTime | Last accessed time | 2023-10-15 14:30:25 |
| CreatedTime | Account creation time | 2023-10-15 14:30:25 |

Collection Method

This collector parses the necessary data from the users table.

Usage

This evidence is crucial for forensic investigations as it provides user account and access information. It helps investigators understand system access, detect unauthorized accounts, and investigate user-based attacks. The data can reveal user accounts, access rights, and potential security vulnerabilities. Analysts can use this information to identify account compromises, trace user activities, and assess Windows security posture.
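
One way to triage exported rows from this table, as an added example that is not part of the product or its documentation: it flags accounts missing from a known-good baseline, rows whose CreatedTime falls inside an incident window, and profile directories whose folder name differs from the username. The sample rows, the baseline list, the window and the function name triage_users are constructed for illustration, and all timestamps are assumed to share one timezone.

```python
import ntpath
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # format shown in the table's Example column

# Constructed sample rows using the field names from the Users table.
SAMPLE_ROWS = [
    {"ID": 1, "Name": "Administrator", "Directory": r"C:\Users\Administrator",
     "ModifiedTime": "2023-10-15 14:30:25", "AcessedTime": "2023-10-15 14:30:25",
     "CreatedTime": "2021-03-02 09:12:44"},
    {"ID": 2, "Name": "jsmith", "Directory": r"C:\Users\jsmith.000",
     "ModifiedTime": "2023-10-15 10:02:11", "AcessedTime": "2023-10-15 10:02:11",
     "CreatedTime": "2022-06-01 08:00:00"},
    {"ID": 3, "Name": "svc_backup2", "Directory": r"C:\Users\svc_backup2",
     "ModifiedTime": "2023-10-14 23:55:30", "AcessedTime": "2023-10-15 01:10:02",
     "CreatedTime": "2023-10-14 23:41:07"},
]


def triage_users(rows, baseline, window_start, window_end):
    """Return {Name: [reasons]} for rows that deserve a closer look."""
    known = {name.lower() for name in baseline}
    start = datetime.strptime(window_start, TS_FORMAT)
    end = datetime.strptime(window_end, TS_FORMAT)
    findings = {}
    for row in rows:
        name, reasons = row["Name"], []
        if name.lower() not in known:
            reasons.append("not in baseline")
        created = datetime.strptime(row["CreatedTime"], TS_FORMAT)
        if start <= created <= end:
            reasons.append("created in incident window")
        # ntpath parses Windows paths on any analysis host. A folder name that
        # differs from the username (such as a suffixed folder) is worth review.
        folder = ntpath.basename(row["Directory"].rstrip("\\"))
        if folder.lower() != name.lower():
            reasons.append("profile directory name differs from username")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    result = triage_users(SAMPLE_ROWS, ["Administrator", "jsmith"],
                          "2023-10-14 00:00:00", "2023-10-16 00:00:00")
    for name, reasons in result.items():
        print(f"{name}: {'; '.join(reasons)}")
```

A finding here is a lead for review, not a verdict; confirm each one against other evidence before drawing conclusions.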

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
