Users
Overview
Section titled “Overview”Evidence: Users
Description: Collect user list
Category: System
Platform: aix
Short Name: users
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”User information on AIX systems provides details about system users, their accounts, and access configurations. This data is essential for understanding system access, detecting unauthorized accounts, and investigating user-related security incidents. AIX user information includes user IDs, group memberships, home directories, and shell configurations.
Data Collected
Section titled “Data Collected”This collector gathers structured data about users.
Collection Method
Section titled “Collection Method”This collector parses the necessary data from the /etc/passwd file.
Forensic Value
Section titled “Forensic Value”This evidence is crucial for forensic investigations as it provides information about system users and their configurations on AIX systems. It helps investigators understand user accounts, detect unauthorized access, and investigate user-related attacks. The data can reveal user privileges, group memberships, and access patterns. Analysts can use this information to identify suspicious accounts, trace user activities, and assess AIX system security posture.