CollectInfo

Overview

Evidence: CollectInfo
Description: CollectInfo
Category: System
Platform: esxi
Short Name: cinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Collection information tracks file-level details for collected artifacts including file paths, sizes, hashes, and timestamps. This metadata validates evidence integrity, supports deduplication, and provides file-level provenance for collected evidence.

Data Collected

This collector gathers structured data about collectinfo.

CollectInfo Data

Field	Description	Example
`AccessTime`	Access Time	2023-10-15 14:30:25+03:00
`AccessCount`	Access Count	123
`URL`	URL	Example value
`Browser`	Browser	Example value
`Title`	Title	Example value
`VisitDuration`	Visit Duration	Example value
`Referrer`	Referrer	Example value
`TypedCount`	Typed Count	123
`IsHidden`	Is Hidden	true
`TransitionType`	Transition Type	Example value
`VisitID`	Visit ID	123
`TransitionQualifiers`	Transition Qualifiers	Example value
`User`	User	Example value
`Profile`	Profile	Example value
`HistoryFilePath`	History File Path	Example value

Collection Method

This collector records metadata for each collected file, capturing file paths, file sizes, cryptographic hashes (for integrity verification), access/modification/change timestamps, and file permissions.

Forensic Value

Collection metadata ensures evidence integrity through hash verification, supports duplicate detection, enables timestamp analysis, and provides detailed inventory of collected artifacts. Hash values prove file integrity and detect tampering, while timestamps establish file timeline context.