CPU Info

Overview

Evidence: CPU Info
Description: ESXi CPU Info
Category: System
Platform: esxi
Short Name: cpuinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

ESXi CPU information provides detailed processor characteristics including core counts, speeds, cache configurations, and architecture details. This data establishes hardware baseline for the investigated host and can reveal hardware-specific vulnerabilities or performance anomalies that may indicate cryptomining or resource abuse.

Data Collected

This collector gathers structured data about cpu info.

CPU Info Data

Field	Description	Example
`CPUID`	CPUID	123
`PackageID`	Package ID	123
`Family`	Family	123
`Model`	Model	123
`Type`	Type	123
`Stepping`	Stepping	123
`Brand`	Brand	Example value
`CoreSpeed`	Core Speed	123
`BusSpeed`	Bus Speed	123
`APICID`	APICID	Example value
`Node`	Node	123
`L2CacheSize`	L2Cache Size	123
`L2CacheAssociativity`	L2Cache Associativity	123
`L2CacheLineSize`	L2Cache Line Size	123
`L2CacheCPUCount`	L2Cache CPU Count	123
`L3CacheSize`	L3Cache Size	123
`L3CacheAssociativity`	L3Cache Associativity	123
`L3CacheLineSize`	L3Cache Line Size	123
`L3CacheCPUCount`	L3Cache CPU Count	123

Collection Method

This collector parses CPU information files, extracting processor IDs, package/core/thread counts, vendor details, model numbers, family information, stepping, CPU speeds, bus speeds, APIC IDs, NUMA node assignments, and L2/L3 cache specifications for each physical CPU package.

Forensic Value

CPU configuration data helps validate host identity, detect hardware changes, and identify resource exhaustion patterns. Unusual CPU utilization correlated with CPU capabilities may indicate cryptomining, resource hijacking, or VM escape attempts. Cache and NUMA topology also assist in understanding side-channel attack feasibility.