FS_Sys_Sysinfo
The directory sys/sysinfo exists as a sub-directory of the file system root.
The directory contains the single file sysinfo.txt, which holds a summary of select system information. It is meant for a quick system overview and is not 100% comprehensive.
Files in the sys/sysinfo directory are read-only.
The file sysinfo.txt contains a summary of select system information as shown below:
Windows Information:
  Computer Name: SANS-SIFT
  Current Time: 2019-08-12 23:20:24 UTC
  Boot Time: 2019-08-12 22:35:51 UTC
  Time Zone: UTC : UTC+0:00
  Version: 10.0 (build 17763)
Hardware Information:
  Architecture: X64
  Physical Memory: 8 GB
  Max Address: 0x23fffffff
  CPU: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
  MB Vendor: Intel Corporation
  MB Product: 440BX Desktop Reference Platform
  BIOS Vendor: Phoenix Technologies LTD
  System Vendor: VMware, Inc.
Users:
  SANSDFIR (S-1-5-21-1552841522-3835366585-4197357653-1001)
Process Information:
  Active: 143
  Inactive: 68
Network Interfaces:
  Interface #3:
    DhcpSubnetMaskOpt: 255.255.255.0
    DhcpDefaultGateway: 192.168.16.2
    DhcpNameServer: 192.168.16.2
    DhcpDomain: localdomain
    DhcpServer: 192.168.16.254
    DhcpSubnetMask: 255.255.255.0
    DhcpIPAddress: 192.168.16.131
  Interface #4:
    DhcpServer: 255.255.255.255
    SubnetMask: 255.255.255.240
    IPAddress: 172.17.241.33
  Interface #5:
    DhcpServer: 255.255.255.255
    SubnetMask: 255.255.255.240
    IPAddress: 192.168.157.241
MemProcFS Information:
  Version: 5.9.9 (build 156)
  Parse Time: 2024-04-23 20:27:38 UTC
  Memory Source: Read-only, Static
  Unique Tag: 17763_20219079
  Forensic Mode: Disabled
  VM Parsing: Disabled
The example shows the sys/sysinfo directory with the file sysinfo.txt. The file contains a summary of various system information.
The sys/sysinfo sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file modules/m_sys_sysinfo.c in the vmm project.
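For triage scripting, sysinfo.txt can be read into a dictionary and its timestamps compared. The following is an added example, not part of MemProcFS or of the original page: the function names are hypothetical, the sample is constructed from the listing above, and it assumes that section headings are unindented while their entries are indented.

```python
from datetime import datetime, timezone

# Constructed sample: a subset of the listing above; the indentation is assumed.
SAMPLE = """\
Windows Information:
  Current Time: 2019-08-12 23:20:24 UTC
  Boot Time: 2019-08-12 22:35:51 UTC
  Time Zone: UTC : UTC+0:00
Users:
  SANSDFIR (S-1-5-21-1552841522-3835366585-4197357653-1001)
Network Interfaces:
  Interface #3:
    DhcpIPAddress: 192.168.16.131
MemProcFS Information:
  Parse Time: 2024-04-23 20:27:38 UTC
  Forensic Mode: Disabled
"""

def parse_sysinfo(text):
    """Return {section: {key: value}}; lines without a colon go under '_items'."""
    out, top, cur = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):  # heading: nothing follows the colon
            name = line[:-1]
            if raw[0].isspace() and top:  # indented heading, e.g. "Interface #3:"
                cur = f"{top}/{name}"
            else:
                top = cur = name
            out.setdefault(cur, {})
            continue
        if cur is None:
            continue  # ignore anything before the first heading
        key, sep, value = line.partition(":")  # first colon only: values hold colons
        if sep:
            out[cur][key.strip()] = value.strip()
        else:
            out[cur].setdefault("_items", []).append(line)
    return out

def parse_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)

def timeline(info):
    # Returns (uptime at Current Time, gap between Current Time and Parse Time).
    win, mpfs = info["Windows Information"], info["MemProcFS Information"]
    now, boot = parse_utc(win["Current Time"]), parse_utc(win["Boot Time"])
    return now - boot, parse_utc(mpfs["Parse Time"]) - now
```

An entry whose value is empty would be read as a heading by this parser, so check the keys it returns against the file when a field appears to be missing.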
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS are free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCILeech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development, please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖