Users

Overview

Evidence: Users Description: Collect Users Category: System Platform: windows Short Name: users Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Windows user account and profile directories provide context on local users and their home folders. This data is essential for understanding access and detecting unauthorized accounts.

Data Collected

This collector gathers structured data about users.

Collection Method

This collector enumerates local users and profiles, reading directory timestamps for created, accessed, and modified times.

Forensic Value

This evidence is crucial for forensic investigations to identify accounts, profile paths, and timeline of profile activity.