Multipathing Info
Overview
Section titled “Overview”Evidence: Multipathing Info
Description: ESXi Multipathing Info
Category: DiskFilesystem
Platform: esxi
Short Name: mpathinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”ESXi multipathing provides redundant storage connectivity by maintaining multiple paths between the host and storage devices. This configuration is critical for high availability and helps identify storage-related security events and misconfigurations.
Data Collected
Section titled “Data Collected”This collector gathers structured data about multipathing info.
Multipathing Info Data
Section titled “Multipathing Info Data”| Field | Description | Example |
|---|---|---|
AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
AccessCount | Access Count | 123 |
URL | URL | Example value |
Browser | Browser | Example value |
Title | Title | Example value |
VisitDuration | Visit Duration | Example value |
Referrer | Referrer | Example value |
TypedCount | Typed Count | 123 |
IsHidden | Is Hidden | true |
TransitionType | Transition Type | Example value |
VisitID | Visit ID | 123 |
TransitionQualifiers | Transition Qualifiers | Example value |
User | User | Example value |
Profile | Profile | Example value |
HistoryFilePath | History File Path | Example value |
Collection Method
Section titled “Collection Method”This collector parses the pre-generated multipathing information file (esx_multipathing_info.txt), extracting path details including runtime names, device identifiers, adapter information, plugin types, path states, and transport protocols for each configured storage path.
Forensic Value
Section titled “Forensic Value”Multipath configuration reveals storage topology, adapter relationships, and path states. Analyzing this data helps identify unauthorized storage modifications, detect compromised storage paths, and validate storage security configurations during incident investigations.