Views:

View attributed and descriptions within the shared file info object category collected from Linux endpoints.

The following table contains descriptions of the attributes in the shared file info objects category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident Response Toolkit. These attributes are displayed associated with other evidence types when examining an Evidence Report.
Note
Note
Shared file info objects may appear in multiple evidence categories or types.
Attribute
Description
File path
The relative location of the file
SHA1
The SHA1 of the file
Last accessed
The last time the file was accessed
Last content change
The last time the file contents were modified
Last attribute change
The last time the file attributes were modified
Owner UID
The user ID of the file owner
Owner user name
The user name of the file owner
GID
The group ID associated with the file
Group name
The group name associated with the file
Containing device ID
The identifier for the device containing the file
Inode number
The index node that identifies the file
Permissions/type
The mode of the file, including assigned permissions and file type information
Hard links
The number of hard links from directories pointing to the file
File size
The size of the file in bytes or length of the file name when referring to a symbolic link
File name
The name of the file
MIME type
The MIME string identifying the file content type
Format
The file format as retrieved from the file binary