Forensics Keyword List

This section covers forensics keyword information.

WTMP Log Data
WTMP data contains records of current and past logged-in users, typically reported under /var/log/wtmp. The WTMP file will reveal current and past logg...
Mon, 27 Dec, 2021 at 10:43 AM
BTMP Log Data
BTMP data will contain the data for bad login attempts under /var/run/btmp. The BTMP file will reveal invalid login attempts and where they originated. ...
Mon, 27 Dec, 2021 at 10:48 AM
Cron Job Data
The data here will contain cron job information on the host if it was flagged by Sandfly Security or by a user. The formatting reflects standard Linux cron ...
Mon, 27 Dec, 2021 at 12:13 PM
At Job Data
These fields are for "at" jobs scheduled on the remote system that were flagged by Sandfly Security or by a user. They are formatted for easier parsing from ...
Mon, 27 Dec, 2021 at 12:17 PM