View attributed and descriptions within the shared file info object category collected from Linux endpoints.
The following table contains descriptions of the attributes in the
shared file info objects category that may be collected from Linux endpoints by the
Collect Evidence task and Trend Micro Incident
Response Toolkit. These attributes are displayed associated with other evidence types
when examining an Evidence
Report.
 |
NoteShared file info objects may appear in multiple evidence categories
or types.
|
|
Attribute
|
Description
|
|
File path
|
The relative location of the file
|
|
SHA1
|
The SHA1 of the file
|
|
Last accessed
|
The last time the file was accessed
|
|
Last content change
|
The last time the file contents were modified
|
|
Last attribute change
|
The last time the file attributes were modified
|
|
Owner UID
|
The user ID of the file owner
|
|
Owner user name
|
The user name of the file owner
|
|
GID
|
The group ID associated with the file
|
|
Group name
|
The group name associated with the file
|
|
Containing device ID
|
The identifier for the device containing the file
|
|
Inode number
|
The index node that identifies the file
|
|
Permissions/type
|
The mode of the file, including assigned permissions and file type
information
|
|
Hard links
|
The number of hard links from directories pointing to the file
|
|
File size
|
The size of the file in bytes or length of the file name when referring to a
symbolic link
|
|
File name
|
The name of the file
|
|
MIME type
|
The MIME string identifying the file content type
|
|
Format
|
The file format as retrieved from the file binary
|