View data and descriptions of evidence in the account information category collected from Linux endpoints.
The following tables contain descriptions of the evidence data in the account information category that the Collect Evidence task and Trend Micro Incident Response Toolkit may collect from Linux endpoints. These evidence types appear in columns after selecting an evidence category when examining an Evidence Report.

User

| Evidence Data | Description |
| --- | --- |
| UID | The user ID |
| User name | The user name |
| GID | The group ID associated with the user |
| Group name | The name of the group associated with the user |
| Home directory | The home directory of the user |
| Shell | The shell program associated with the user |

User group

| Evidence Data | Description |
| --- | --- |
| GID | The group ID |
| Group name | The group name |
| Users | The users associated with the group |

Shadow

| Evidence Data | Description |
| --- | --- |
| Login name | The name used to sign in to the system |
| Days from expiration to disable | The number of days after the password expires that the user account is disabled |
| Account expiration | The date the account expires |
| Last changed | The date the account was last changed |
| Longest period between changes | The maximum number of elapsed days between account changes |
| Shortest period between changes | The minimum number of elapsed days between account changes |