Skip to content
AIR Knowledge Base

SCSI Info

Overview

Section titled “Overview”

Evidence: SCSI Info
Description: ESXi SCSI Info
Category: DiskFilesystem
Platform: esxi
Short Name: scsiinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Section titled “Background”

SCSI storage devices and adapters connect ESXi hosts to local and remote storage systems. SCSI device inventory reveals storage topology, LUN mappings, and adapter configurations that are essential for understanding data storage architecture and detecting unauthorized storage access.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about scsi info.

SCSI Info Data

Section titled “SCSI Info Data”
FieldDescriptionExample
DeviceTypeDevice TypeExample value
SizeSizeExample value
DisplayNameDisplay NameExample value
MultipathPluginMultipath PluginExample value
ConsoleDeviceConsole DeviceExample value
DevfsPathDevfs PathExample value
VendorVendorExample value
ModelModelExample value
RevisionRevisionExample value
SCSILevelSCSI LevelExample value
IsPseudoIs PseudoExample value
StatusStatusExample value
IsRDMCapableIs RDM CapableExample value
IsRemovableIs RemovableExample value
IsLocalIs LocalExample value
IsSSDIs SSDExample value
OtherNamesOther NamesExample value
VAAIStatusVAAI StatusExample value

Collection Method

Section titled “Collection Method”

This collector parses SCSI device information, extracting device names, adapter types, target IDs, LUN numbers, vendor identifiers, product information, device sizes, and operational states for each SCSI device visible to the ESXi host.

Forensic Value

Section titled “Forensic Value”

SCSI configuration analysis helps identify unauthorized LUN presentations, detect rogue storage devices, validate storage security configurations, and trace data access paths. Unexpected SCSI devices or LUN changes may indicate storage-based data exfiltration attempts or unauthorized backup access.