Logged Users
Overview
Evidence: Logged Users
Description: Collect logged user list
Category: Applications
Platform: linux
Short Name: lgdusrs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers logged-in user information from the Linux system. This data is essential for understanding user activity, detecting unauthorized access, and investigating authentication events.
Data Collected
This collector gathers structured data about logged users.
Collection Method
This collector parses UTMP/WTMP records and stores them in the logged_users table.
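As an added illustration (not the collector's own code), the sketch below parses UTMP/WTMP records with Python's struct module and flags a truncated trailing record. It assumes the 384-byte glibc struct utmp layout used on x86-64 Linux; the dictionary keys, the make_record helper and the sample data are constructed for this example and are not the columns of the logged_users table.

```python
import ipaddress
import struct
from datetime import datetime, timezone

# glibc struct utmp on x86-64 Linux (384 bytes); other ABIs differ (assumption).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
UT_TYPES = ("EMPTY", "RUN_LVL", "BOOT_TIME", "NEW_TIME", "OLD_TIME", "INIT_PROCESS",
            "LOGIN_PROCESS", "USER_PROCESS", "DEAD_PROCESS", "ACCOUNTING")

def _text(raw):
    # Fields are NUL-padded and not guaranteed to be valid UTF-8.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def _addr(raw):
    # IPv4 is stored in the first 4 bytes with the remaining 12 zeroed.
    if raw == bytes(16):
        return ""
    return str(ipaddress.ip_address(raw[:4] if raw[4:] == bytes(12) else raw))

def parse_utmp(blob):
    """Return (records, trailing_bytes); trailing_bytes > 0 means a truncated file."""
    whole = len(blob) - len(blob) % UTMP.size
    records = []
    for (ut_type, pid, line, _id, user, host, _term, _exit, _session,
         sec, usec, addr) in UTMP.iter_unpack(blob[:whole]):
        known = 0 <= ut_type < len(UT_TYPES)
        records.append({
            "type": UT_TYPES[ut_type] if known else f"UNKNOWN({ut_type})",
            "pid": pid, "line": _text(line), "user": _text(user),
            "host": _text(host), "addr": _addr(addr),
            "time": datetime.fromtimestamp(sec + usec / 1e6, timezone.utc),
        })
    return records, len(blob) - whole

def make_record(ut_type, pid, line, user, host, sec, addr=bytes(16)):
    # Hypothetical helper: packs one constructed sample record.
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, sec, 0, addr)

# Constructed sample: boot marker, one remote login, one closed session, 10 stray bytes.
SAMPLE = (make_record(2, 0, b"~", b"reboot", b"6.1.0", 1700000000)
          + make_record(7, 4321, b"pts/0", b"alice", b"198.51.100.7", 1700000100,
                        ipaddress.ip_address("198.51.100.7").packed + bytes(12))
          + make_record(8, 4000, b"pts/1", b"", b"", 1700000200)
          + b"\x00" * 10)

if __name__ == "__main__":
    records, trailing = parse_utmp(SAMPLE)
    for r in records:
        print(r["time"].isoformat(), r["type"], r["user"], r["line"], r["addr"])
    print("trailing bytes:", trailing)
```

A non-zero trailing byte count means the file length is not a multiple of the record size, which is worth noting during triage because it can indicate truncation or editing of the log.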
Forensic Value
This evidence is crucial for forensic investigations as it provides user session information. It helps investigators identify suspicious logins, trace session activities, and assess account misuse.