PCI Info

Overview

Evidence: PCI Info
Description: ESXi PCI Info
Category: DiskFilesystem
Platform: esxi
Short Name: pciinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

PCI device enumeration provides comprehensive hardware inventory including network cards, storage controllers, GPUs, and other expansion devices. This baseline establishes expected hardware configuration and helps detect unauthorized physical device additions or modifications.

Data Collected

This collector gathers structured data about pci info.

PCI Info Data

Field	Description	Example
`Address`	Address	Example value
`Segment`	Segment	Example value
`Bus`	Bus	Example value
`Slot`	Slot	Example value
`Function`	Function	Example value
`VMKernelName`	VM Kernel Name	Example value
`VendorName`	Vendor Name	Example value
`DeviceName`	Device Name	Example value
`ConfiguredOwner`	Configured Owner	Example value
`CurrentOwner`	Current Owner	Example value
`VendorID`	Vendor ID	Example value
`DeviceID`	Device ID	Example value
`SubVendorID`	Sub Vendor ID	Example value
`SubDeviceID`	Sub Device ID	Example value
`DeviceClass`	Device Class	Example value
`DeviceClassName`	Device Class Name	Example value
`ProgrammingInterface`	Programming Interface	Example value
`RevisionID`	Revision ID	Example value
`InterruptLine`	Interrupt Line	Example value
`IRQ`	IRQ	123
`InterruptVector`	Interrupt Vector	Example value
`PCIPin`	PCI Pin	Example value
`SpawnedBus`	Spawned Bus	Example value
`Flags`	Flags	Example value
`ModuleID`	Module ID	123
`ModuleName`	Module Name	Example value
`Chassis`	Chassis	123
`PhysicalSlot`	Physical Slot	123
`SlotDescription`	Slot Description	Example value
`DeviceLayerBusAddress`	Device Layer Bus Address	Example value
`PassThruCapable`	Pass Thru Capable	Example value
`ParentDevice`	Parent Device	Example value
`DependentDevice`	Dependent Device	Example value
`ResetMethod`	Reset Method	Example value
`FPTSharable`	FPT Sharable	Example value
`NUMANode`	NUMA Node	123
`ExtendedDeviceID`	Extended Device ID	123
`ExtendedDeviceName`	Extended Device Name	Example value

Collection Method

This collector parses PCI device information, extracting bus addresses, device IDs, vendor IDs, device classes, subsystem information, driver associations, and device names for all PCI and PCIe devices visible to the ESXi host.

Forensic Value

PCI device inventory validates hardware configuration, detects rogue devices like hardware keyloggers or network taps, identifies unauthorized passthrough configurations, and reveals hardware-based attack vectors. Device ID changes or unexpected additions indicate physical tampering or malicious hardware implants.