Last Access
Overview
Evidence: Last Access
Description: Collect last access records
Category: Applications
Platform: linux
Short Name: lastacs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers last access information from the Linux system. This data is essential for understanding user activity, detecting unauthorized access, and investigating authentication events.
Data Collected
This collector gathers structured data about last access.
Collection Method
This collector parses the binary UTMP/WTMP records on the host and writes them into the last_access table.
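As an added example, not part of this page or the product's own collector, the following Python decodes raw utmp/wtmp records and pairs logins with logouts into per-session rows of the kind a last_access table holds. It assumes the glibc 384-byte struct utmp layout on a little-endian Linux host, and runs on a constructed three-record wtmp rather than data from a real system.

```python
import struct
from datetime import datetime, timezone
from ipaddress import IPv4Address, IPv6Address
# Assumed layout: glibc struct utmp on a little-endian Linux host (384 bytes): ut_type, pad, ut_pid,
# ut_line[32], ut_id[4], ut_user[32], ut_host[256], ut_exit{term,exit}, ut_session, ut_tv{sec,usec}, ut_addr_v6[16], reserved[20]
UTMP_FMT = "<h2xi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME", 5: "INIT_PROCESS",
            6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS", 9: "ACCOUNTING"}

def _cstr(raw):  # NUL-terminated fixed-width field -> str
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")
def _addr(raw):  # ut_addr_v6: an IPv4 peer uses the first 4 bytes, IPv6 all 16
    if raw[4:] == b"\0" * 12:
        return "" if raw[:4] == b"\0" * 4 else str(IPv4Address(raw[:4]))
    return str(IPv6Address(raw))

def parse_utmp(data):
    """Decode every fixed-size record in a utmp/wtmp/btmp byte string (trailing partial bytes ignored)."""
    records = []
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        (ut_type, pid, line, ut_id, user, host, _term, _exit, _sess, sec, usec,
         addr) = struct.unpack_from(UTMP_FMT, data, off)
        records.append({"type": UT_TYPES.get(ut_type, str(ut_type)), "pid": pid,
                        "line": _cstr(line), "id": _cstr(ut_id), "user": _cstr(user),
                        "host": _cstr(host), "addr": _addr(addr),
                        "time": datetime.fromtimestamp(sec + usec / 1e6, tz=timezone.utc)})
    return records

def build_sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on the same tty; unmatched logins stay open."""
    open_by_line, sessions = {}, []
    for r in records:
        if r["type"] == "USER_PROCESS":
            open_by_line[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS" and r["line"] in open_by_line:
            sessions.append({**open_by_line.pop(r["line"]), "logout": r["time"]})
    for login in open_by_line.values():  # no logout record: still logged in, or the host went down
        sessions.append({**login, "logout": None})
    return sessions

def make_record(ut_type, pid, line, ut_id, user, host, sec, addr=b""):  # builds a constructed demo record
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), ut_id.encode(),
                       user.encode(), host.encode(), 0, 0, 0, sec, 0, addr)
# Constructed wtmp (not captured from a real host): alice logs in remotely, bob on another pty, alice logs out.
SAMPLE_WTMP = b"".join([
    make_record(7, 4242, "pts/0", "ts/0", "alice", "203.0.113.5", 1700000000, IPv4Address("203.0.113.5").packed),
    make_record(7, 4300, "pts/1", "ts/1", "bob", "", 1700000100),
    make_record(8, 4242, "pts/0", "ts/0", "", "", 1700003600)])
```

On a live host the same parser can be pointed at the bytes of /var/log/wtmp; a USER_PROCESS entry with no matching DEAD_PROCESS is exactly the "still logged in" row that last(1) prints.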
Forensic Value
This evidence is crucial for forensic investigations as it provides session activity details, including logins and logouts, helping trace user behaviour and identify anomalies.