FS_Sys_Sysinfo
Ulf Frisk edited this page Apr 23, 2024 · 1 revision
The directory sys/sysinfo exists as a sub-directory to the file system root.
The directory contains the single file sysinfo.txt, a summary of select system information. It is meant for a quick system overview and is not 100% comprehensive.
Files in the sys/sysinfo directory are read-only.
The file sysinfo.txt contains a summary of select system information as shown below:
Windows Information:
  Computer Name: SANS-SIFT
  Current Time: 2019-08-12 23:20:24 UTC
  Boot Time: 2019-08-12 22:35:51 UTC
  Time Zone: UTC : UTC+0:00
  Version: 10.0 (build 17763)
Hardware Information:
  Architecture: X64
  Physical Memory: 8 GB
  Max Address: 0x23fffffff
  CPU: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
  MB Vendor: Intel Corporation
  MB Product: 440BX Desktop Reference Platform
  BIOS Vendor: Phoenix Technologies LTD
  System Vendor: VMware, Inc.
Users:
  SANSDFIR (S-1-5-21-1552841522-3835366585-4197357653-1001)
Process Information:
  Active: 143
  Inactive: 68
Network Interfaces:
  Interface #3:
    DhcpSubnetMaskOpt: 255.255.255.0
    DhcpDefaultGateway: 192.168.16.2
    DhcpNameServer: 192.168.16.2
    DhcpDomain: localdomain
    DhcpServer: 192.168.16.254
    DhcpSubnetMask: 255.255.255.0
    DhcpIPAddress: 192.168.16.131
  Interface #4:
    DhcpServer: 255.255.255.255
    SubnetMask: 255.255.255.240
    IPAddress: 172.17.241.33
  Interface #5:
    DhcpServer: 255.255.255.255
    SubnetMask: 255.255.255.240
    IPAddress: 192.168.157.241
MemProcFS Information:
  Version: 5.9.9 (build 156)
  Parse Time: 2024-04-23 20:27:38 UTC
  Memory Source: Read-only, Static
  Unique Tag: 17763_20219079
  Forensic Mode: Disabled
  VM Parsing: Disabled
The example shows the sys/sysinfo directory with the file sysinfo.txt. The file contains a summary of various system information.

The sys/sysinfo sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file modules/m_sys_sysinfo.c in the vmm project.
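The following is an added example, not part of MemProcFS or this wiki page: a Python sketch that parses the sysinfo.txt layout shown above into sections and derives a few case-note facts from it (system uptime, the gap between the system time and the MemProcFS parse time, the listed IP addresses). The function names `parse_sysinfo` and `triage` are hypothetical, and the parser assumes the file keeps the "Section:" / "Key: Value" layout of the listing, treating any line that ends in a colon as a header.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the listing on this page (indentation is ignored).
SAMPLE = """\
Windows Information:
  Computer Name: SANS-SIFT
  Current Time: 2019-08-12 23:20:24 UTC
  Boot Time: 2019-08-12 22:35:51 UTC
  Time Zone: UTC : UTC+0:00
Users:
  SANSDFIR (S-1-5-21-1552841522-3835366585-4197357653-1001)
Network Interfaces:
  Interface #3:
    DhcpIPAddress: 192.168.16.131
  Interface #4:
    IPAddress: 172.17.241.33
MemProcFS Information:
  Parse Time: 2024-04-23 20:27:38 UTC
  Forensic Mode: Disabled
"""

def parse_sysinfo(text):
    """Return {section: {key: value}}; Users maps name -> SID, and each
    'Interface #N' is a nested dict under 'Network Interfaces'."""
    out, section, target = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"Interface #\d+:", line) and section is not None:
            target = section.setdefault(line[:-1], {})        # nested sub-header
        elif line.endswith(":"):      # assumption: a bare "Name:" line is a header
            section = target = out.setdefault(line[:-1], {})
        elif target is None:
            continue                  # nothing to attach to before the first header
        elif m := re.fullmatch(r"(.+?) \((S-1-[\d-]+)\)", line):
            target[m.group(1)] = m.group(2)                   # user name and SID
        elif ": " in line:
            key, value = line.split(": ", 1)   # split once: values contain ':' too
            target[key] = value.strip()
    return out

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S UTC")

def triage(info):
    win, mp = info["Windows Information"], info["MemProcFS Information"]
    now = _ts(win["Current Time"])
    ips = sorted(v for nic in info.get("Network Interfaces", {}).values()
                 for k, v in nic.items() if k.endswith("IPAddress"))
    return {"host": win["Computer Name"], "uptime": now - _ts(win["Boot Time"]),
            "parse_lag": _ts(mp["Parse Time"]) - now,
            "forensic_mode": mp["Forensic Mode"] != "Disabled", "addresses": ips}
```

To use it on real data, pass the text of sys/sysinfo/sysinfo.txt read from the mounted file system to `parse_sysinfo` in place of `SAMPLE`.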