View data and descriptions of evidence in the account information category collected from Linux endpoints.
The following table contains descriptions of the evidence data in the
account information category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident
Response Toolkit. These evidence types are displayed in columns after selecting an
evidence category when examining an Evidence
Report.
|
Evidence Type
|
Evidence Data
|
Description
|
|
User
|
UID
|
The user ID
|
|
User name
|
The user name
|
|
|
GID
|
The group ID associated with the user
|
|
|
Group name
|
The name of the group associated with the user
|
|
|
Home directory
|
The home directory of the user
|
|
|
Shell
|
The shell program associated with the user
|
|
|
User group
|
GID
|
The group ID
|
|
Group name
|
The group name
|
|
|
Users
|
The users associated with the group
|
|
|
Shadow
|
Login name
|
The name used to sign in to the system
|
|
Days from expiration to disable
|
The number of days after the password expires that the user account is
disabled
|
|
|
Account expiration
|
The date the account expires
|
|
|
Last changed
|
The date the account was last changed
|
|
|
Longest period between changes
|
The maximum number or elapsed days between account changes
|
|
|
Shortest period between changes
|
The minimum number of elapsed days between account changes
|