View data and descriptions of evidence in the account information category collected from Linux endpoints.

The following table contains descriptions of the evidence data in the account information category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident Response Toolkit. These evidence types are displayed in columns after selecting an evidence category when examining an Evidence Report.

| Evidence Type | Evidence Data | Description |
|---|---|---|
| User | UID | The user ID |
| User | User name | The user name |
| User | GID | The group ID associated with the user |
| User | Group name | The name of the group associated with the user |
| User | Home directory | The home directory of the user |
| User | Shell | The shell program associated with the user |
| User group | GID | The group ID |
| User group | Group name | The group name |
| User group | Users | The users associated with the group |
| Shadow | Login name | The name used to sign in to the system |
| Shadow | Days from expiration to disable | The number of days after the password expires that the user account is disabled |
| Shadow | Account expiration | The date the account expires |
| Shadow | Last changed | The date the account was last changed |
| Shadow | Longest period between changes | The maximum number of elapsed days between account changes |
| Shadow | Shortest period between changes | The minimum number of elapsed days between account changes |