View data and descriptions of evidence in the user activity category collected from Linux endpoints.

The following table contains descriptions of the evidence data in the user activity category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident Response Toolkit. These evidence types are displayed in columns after selecting an evidence category when examining an Evidence Report.
| Evidence Type | Evidence Data | Description |
|---|---|---|
| Command line history | UIDs | The user IDs associated with the command line history |
| | Command source | The path showing the source of the command |
| | Command | The command executed |
| | Command position | The order of the command in the record file indicating when the command is to be executed |
| Browser history (Chrome, Firefox, All) | Browser type | The type of browser used |
| | URL | The accessed URL |
| | Title | The title of the website |
| | Visit count | The number of times the URL has been accessed |
| | User | The user accessing the URL |
| | Download URL | The source URL of the downloaded file if any |
| | Target path | The destination of the downloaded file |
| | Last visit time | The date the URL was last accessed |