Forensics Keyword List
This section covers forensics keyword information.
WTMP data will contain the data for current and past logged-in users, typically reported under /var/log/wtmp. The WTMP file will reveal current and past logg...
Mon, 27 Dec, 2021 at 10:43 AM
BTMP data will contain the data for bad login attempts under /var/run/btmp. The BTMP file will reveal invalid login attempts and where they originated. ...
Mon, 27 Dec, 2021 at 10:48 AM
The data here will contain cron job information on the host if it was flagged by Sandfly Security or by a user. The formatting reflects standard Linux cron ...
Mon, 27 Dec, 2021 at 12:13 PM
These fields are for "at" jobs scheduled on the remote system and flagged by Sandfly Security or by a user. They are formatted for easier parsing from ...
Mon, 27 Dec, 2021 at 12:17 PM