Learn about the types of evidence in the user activity category that the Incident Response Evidence Collection playbook, Collect Evidence task, and Trend Micro Incident Response Toolkit collect.
Browser history (All, Chrome, Firefox, Edge)

| Evidence Data | Description |
|---|---|
| Browser Type | The type of web browser used to access the URL. |
| URL | The web address that was accessed. |
| Title | The title of the website that was visited. |
| Visit Count | The number of times the URL has been accessed. |
| User | The user that accessed the URL. |
| Download URL | The source URL from which a file was downloaded. |
| Target Path | The destination path where the downloaded file was saved. |
| Last Visit Time | The date and time when the URL was last accessed. |

ShellBags

| Evidence Data | Description |
|---|---|
| SID | The Security Identifier of the user account. |
| Source | The Shellbags source Registry file. |
| Path | The directory name that the shellbag is tracking. |
| Creation Time | The date the directory was created. |
| Modification Time | The last time the directory was modified. |
| Access Time | The last time the directory was accessed. |
| MFT Entry | The directory's Master File Table entry index number. |
| MFT Sequence | The directory's Master File Table sequence number. |