Forensics Keyword List
This section describes the fields Sandfly reports for each forensic data type it collects from a Linux host (WTMP, BTMP, kernel modules, systemd units, cron jobs and "at" jobs).
WTMP data contains the login records for current and past logged-in users, typically read from /var/log/wtmp. The WTMP file will reveal current and past logg...
Thu, 4 Aug, 2022 at 5:53 PM
BTMP data contains the records of failed login attempts, read from /var/log/btmp (the same binary utmp record format as WTMP). The BTMP file will reveal invalid login attempts and where they originated. ...
Tue, 9 Aug, 2022 at 3:04 PM
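Both WTMP and BTMP are arrays of fixed-size binary `struct utmp` records, so a practitioner who wants to check what the keyword fields above are derived from needs a parser. The following is an added example (not Sandfly's code) that decodes the glibc x86_64 layout (384 bytes per record), pairs WTMP login/logout records into sessions, and counts BTMP failures per source host. The record data is constructed inline for the example rather than read from a real host; on a live system you would pass the bytes of /var/log/wtmp or /var/log/btmp to `parse_utmp()`.

```python
"""Parse Linux wtmp/btmp (struct utmp) records; added example, not Sandfly code.

Assumes the glibc x86_64 struct utmp layout (384 bytes, little-endian).
Other libc/architecture combinations use a different size, so the length
check below is the first thing to verify against a file from a real host.
"""
import datetime
import struct
from collections import Counter

# glibc <bits/utmp.h> on x86_64, little-endian, no alignment padding:
#   ut_type(h) pad(2) ut_pid(i) ut_line(32s) ut_id(4s) ut_user(32s)
#   ut_host(256s) ut_exit(hh) ut_session(i) ut_tv(ii) ut_addr_v6(4i) unused(20)
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384 on this layout

# ut_type values from <utmp.h>
EMPTY, RUN_LVL, BOOT_TIME, NEW_TIME, OLD_TIME = 0, 1, 2, 3, 4
INIT_PROCESS, LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS = 5, 6, 7, 8
TYPE_NAMES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
              5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}


def _cstr(b: bytes) -> str:
    """Decode a NUL-padded fixed-width C string field."""
    return b.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data: bytes):
    """Yield one dict per record. A length that is not a whole number of
    records means the file is truncated, tampered with, or not this layout."""
    if len(data) % UTMP_SIZE:
        raise ValueError(f"{len(data)} bytes is not a multiple of {UTMP_SIZE}: "
                         "truncated file or different struct utmp layout")
    for off in range(0, len(data), UTMP_SIZE):
        (ut_type, pid, line, _id, user, host, _term, _exit, _session,
         tv_sec, _tv_usec, *_addr) = struct.unpack_from(UTMP_FMT, data, off)
        yield {
            "type": TYPE_NAMES.get(ut_type, str(ut_type)),
            "pid": pid,
            "line": _cstr(line),
            "user": _cstr(user),
            "host": _cstr(host),
            "time": datetime.datetime.fromtimestamp(tv_sec, datetime.timezone.utc),
        }


def make_record(ut_type, pid, line, user, host, tv_sec) -> bytes:
    """Build one constructed record (used only to fabricate sample data here)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def sessions(records):
    """Pair WTMP USER_PROCESS logins with the DEAD_PROCESS logout on the same
    tty/pid. Entries with no logout are the 'current' users WTMP reveals."""
    open_logins, result = {}, []
    for r in records:
        key = (r["line"], r["pid"])
        if r["type"] == "USER_PROCESS":
            open_logins[key] = r
        elif r["type"] == "DEAD_PROCESS" and key in open_logins:
            login = open_logins.pop(key)
            result.append((login["user"], login["host"], login["time"],
                           r["time"] - login["time"]))
    for login in open_logins.values():
        result.append((login["user"], login["host"], login["time"], None))
    return result


def failed_logins_by_host(records) -> Counter:
    """BTMP writes one USER_PROCESS record per failed attempt; count per origin."""
    return Counter(r["host"] for r in records if r["type"] == "USER_PROCESS")


# Constructed sample data, not captured from a real system.
SAMPLE_WTMP = b"".join([
    make_record(BOOT_TIME, 0, "~", "reboot", "5.15.0", 1659628800),
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.7", 1659630000),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1659633600),
])
SAMPLE_BTMP = b"".join([
    make_record(USER_PROCESS, 2001, "ssh:notty", "root", "203.0.113.5", 1659640000),
    make_record(USER_PROCESS, 2002, "ssh:notty", "admin", "203.0.113.5", 1659640003),
    make_record(USER_PROCESS, 2003, "ssh:notty", "root", "198.51.100.9", 1659640010),
])

if __name__ == "__main__":
    for user, host, when, dur in sessions(parse_utmp(SAMPLE_WTMP)):
        print(f"wtmp: {user:<8} from {host:<14} at {when:%Y-%m-%d %H:%M} "
              f"duration {dur if dur else 'still logged in'}")
    for host, n in failed_logins_by_host(parse_utmp(SAMPLE_BTMP)).most_common():
        print(f"btmp: {n} failed attempt(s) from {host}")
```

The length check matters in practice: an attacker who clears tracks by zeroing or truncating entries often leaves a file whose size is still a multiple of 384, so a clean parse is not proof of integrity; compare record timestamps against other sources (auth logs, journal) as well.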
The Kernel Module data contains all attributes of a Linux kernel module that was flagged by Sandfly Security or by a user-defined sandfly for whatever reaso...
Tue, 9 Aug, 2022 at 3:16 PM
The Systemd data contains all attributes of a systemd unit or user session that was flagged by Sandfly Security or by a user-defined sandfly for whatever r...
Tue, 9 Aug, 2022 at 3:19 PM
The data here contains cron job information from the host if a job was flagged by Sandfly Security or by a user. The formatting reflects standard Linux cron ...
Tue, 9 Aug, 2022 at 3:20 PM
These fields are for "at" jobs scheduled on the remote system that were flagged by Sandfly Security or by a user. They are formatted for easier parsing from ...
Thu, 4 Aug, 2022 at 5:54 PM