View data and descriptions of evidence in the user activity category collected from Linux endpoints.
The following table contains descriptions of the evidence data in the
user activity category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident
Response Toolkit. These evidence types are displayed in columns after selecting an
evidence category when examining an Evidence
Report.
|
Evidence Type
|
Evidence Data
|
Description |
|
Command line history
|
UIDs
|
The user IDs associated with the command line history
|
|
Command source
|
The path showing the source of the command
|
|
|
Command
|
The command executed
|
|
|
Command position
|
The order of the command in the record file indicating when the command is to
be executed
|
|
|
Browser history
|
Browser type
|
The type of browser used
|
|
URL
|
The accessed URL
|
|
|
Title
|
The title of the website
|
|
|
Visit count
|
The number of times the URL has been accessed
|
|
|
User
|
The user accessing the URL
|
|
|
Download URL
|
The source URL of the downloaded file if any
|
|
|
Target path
|
The destination of the downloaded file
|
|
|
Last visit time
|
The date the URL was last accessed
|