Linux Collections

AIR supports the following Linux Evidence and Artifacts

Linux Evidence List

Category

Evidence (click for details)

Parsed

Sent to the Investigation Hub

Source Files Collected

Applications

Brave Bookmarks

Yes

Applications

Brave Browsing History

Yes

Applications

Brave Cookies

Yes

Applications

Brave Downloads

Yes

Applications

Brave Favicons

Yes

Applications

Brave Form History

Yes

Applications

Brave Local Storage

Yes

Applications

Brave Login Data

Yes

Applications

Brave Sessions

Yes

Applications

Brave Thumbnails

Yes

Applications

Brave User Profiles

Yes

Applications

Brave Web Storage

Yes

Applications

Chrome Bookmarks

Yes

Applications

Chrome Browsing History

Yes

Applications

Chrome Cookies

Yes

Applications

Chrome Downloads

Yes

Applications

Chrome Extensions

Yes

Applications

Chrome Favicons

Yes

Applications

Chrome Form History

Yes

Applications

Chrome Local Storage

Yes

Applications

Chrome Login Data

Yes

Applications

Chrome Sessions

Yes

Applications

Chrome Thumbnails

Yes

Applications

Chrome User Profiles

Yes

Applications

Chrome Web Storage

Yes

Applications

Chromium Bookmarks

Yes

Applications

Chromium Browsing History

Yes

Applications

Chromium Cookies

Yes

Applications

Chromium Downloads

Yes

Applications

Chromium Favicons

Yes

Applications

Chromium Form History

Yes

Applications

Chromium Local Storage

Yes

Applications

Chromium Login Data

Yes

Applications

Chromium Sessions

Yes

Applications

Chromium Thumbnails

Yes

Applications

Chromium User Profiles

Yes

Applications

Chromium Web Storage

Yes

Applications

Default Browser

Yes

Applications

Docker Changes

Yes

Applications

Docker Container Logs

Yes

Applications

Docker Containers

Yes

Applications

Docker Image History

Yes

Applications

Docker Images

Yes

Applications

Docker Info

Yes

Applications

Docker Networks

Yes

Applications

Docker Processes

Yes

Applications

Docker Volumes

Yes

Applications

Dump Brave Indexed DB

Yes

Applications

Dump Chrome Indexed DB

Yes

Applications

Dump Chromium Indexed DB

Yes

Applications

Dump Edge Indexed DB

Yes

Applications

Dump Opera Indexed DB

Yes

Applications

Dump Vivaldi Indexed DB

Yes

Applications

Edge Bookmarks

Yes

Applications

Edge Browsing History

Yes

Applications

Edge Cookies

Yes

Applications

Edge Downloads

Yes

Applications

Edge Favicons

Yes

Applications

Edge Form History

Yes

Applications

Edge Local Storage

Yes

Applications

Edge Login Data

Yes

Applications

Edge Sessions

Yes

Applications

Edge Thumbnails

Yes

Applications

Edge User Profiles

Yes

Applications

Edge Web Storage

Yes

Applications

Failed Login Attempts

Yes

Applications

Firefox Browsing History

Yes

Applications

Firefox Cookies

Yes

Applications

Firefox Downloads

Yes

Applications

Firefox Extensions

Yes

Applications

Last Access

Yes

Applications

Logged Users

Yes

Applications

Opera Bookmarks

Yes

Applications

Opera Browsing History

Yes

Applications

Opera Cookies

Yes

Applications

Opera Downloads

Yes

Applications

Opera Favicons

Yes

Applications

Opera Form History

Yes

Applications

Opera Local Storage

Yes

Applications

Opera Login Data

Yes

Applications

Opera Sessions

Yes

Applications

Opera Thumbnails

Yes

Applications

Opera User Profiles

Yes

Applications

Opera Web Storage

Yes

Applications

Shadow

Yes

Applications

Sudoers

Yes

Applications

Vivaldi Bookmarks

Yes

Applications

Vivaldi Browsing History

Yes

Applications

Vivaldi Cookies

Yes

Applications

Vivaldi Downloads

Yes

Applications

Vivaldi Favicons

Yes

Applications

Vivaldi Form History

Yes

Applications

Vivaldi Local Storage

Yes

Applications

Vivaldi Login Data

Yes

Applications

Vivaldi Sessions

Yes

Applications

Vivaldi Thumbnails

Yes

Applications

Vivaldi User Profiles

Yes

Applications

Vivaldi Web Storage

Yes

DiskFilesystem

Block Devices

Yes

100

DiskFilesystem

File System Enumeration as CSV

Yes

101

DiskFilesystem

Fstab

Yes

102

DiskFilesystem

Mounts

Yes

103

DiskFilesystem

NFS Exports

Yes

104

Memory

Memory Map

Yes

105

Memory

RAM Image

Yes

106

Memory

Shared Memory

Yes

107

Memory

Swaps

Yes

108

Network

ARP Table

Yes

109

Network

DNS Resolvers

Yes

110

Network

Hosts

Yes

111

Network

ICMP Table

Yes

112

Network

IP Routes

Yes

113

Network

IP Tables

Yes

114

Network

Network Interfaces

Yes

115

Network

Raw Table

Yes

116

Network

SSH Authorized Keys

Yes

117

Network

SSH Configs

Yes

118

Network

SSH Files

Yes

119

Network

SSH Known Hosts

Yes

120

Network

SSHD Configs

Yes

121

Network

TCP Table

Yes

122

Network

UDP Table

Yes

123

Network

UDPLite Table

Yes

124

Network

Unix Sockets

Yes

125

System

APT History

Yes

126

System

APT Sources

Yes

127

System

AppArmor Profiles

Yes

128

System

Cron Jobs

Yes

129

System

DEB Packages

Yes

130

System

DNF History

Yes

131

System

ETC Files

Yes

132

System

Kernel Modules

Yes

133

System

Lock Files

Yes

134

System

Log Files

Yes

135

System

Process Open Files

Yes

136

System

Processes

Yes

137

System

SELinux Configs

Yes

138

System

SELinux Settings

Yes

139

System

SUID Binaries

Yes

140

System

Shell History

Yes

141

System

Sysmon Logs

Yes

142

System

System Artifacts

Yes

143

System

System Controls

Yes

144

System

Systemctl Services

Yes

145

System

ULimit Information

Yes

146

System

User Groups

Yes

147

System

Users

Yes

148

System

YUM History

Yes

149

System

YUM Sources

Yes

Linux Artifact List:

Category

Evidence (click for details)

Parsed

Sent to the Investigation Hub

Source Files Collected

Applications

AnyDesk Logs

Yes

Applications

Apache Logs

Yes

Applications

DHCP Server Logs

Yes

Applications

Docker Logs

Yes

Applications

MongoDB Logs

Yes

Applications

MySQL Logs

Yes

Applications

NGINX Logs

Yes

Applications

PostgreSQL Logs

Yes

Applications

SSH Server Logs

Yes

System

Auth Logs

Yes

System

Boot Logs

Yes

System

Kernel Logs

Yes

System

Mail Logs

Yes

System

Messages

Yes

System

Secure

Yes

System

System Logs

Yes

PreviousXProtect Remediation NextAnyDesk Logs

Last updated 1 day ago

Was this helpful?