Back to binalyze.com

Linux Collections

AIR supports the following Linux Evidence and Artifacts

Linux Evidence List

#

Category

Evidence (click for details)

Parsed

Investigation Hub

Source Files Collected

1

System

System Controls

Yes

Yes

No

2

System

Cron Jobs

Yes

Yes

No

3

System

AppArmor Profiles

Yes

Yes

No

4

System

ULimit Information

Yes

Yes

No

5

System

Kernel Modules

Yes

Yes

No

6

System

Lock Files

Yes

Yes

No

7

System

Systemctl Services

Yes

Yes

No

8

Disk

Block Devices

Yes

Yes

No

9

Disk

Fstab

Yes

Yes

No

10

Disk

Mounts

Yes

Yes

No

11

Disk

NFS Exports

Yes

Yes

No

12

File System

File System Enumeration

Yes

Yes

No

13

Processes

Processes

Yes

Yes

No

14

Processes

Process Open Files

Yes

Yes

No

15

Memory

Shared Memory

Yes

Yes

No

16

Memory

Memory Map

Yes

Yes

No

17

Memory

Swaps

Yes

Yes

No

18

Memory

RAM Image

Yes

Yes

No

19

Browser

Default Browser

Yes

Yes

No

20

Browser

Chrome Cookies

Yes

Yes

No

21

Browser

Chromium Cookies

Yes

Yes

No

22

Browser

Edge Cookies

Yes

Yes

No

23

Browser

Opera Cookies

Yes

Yes

No

24

Browser

Vivaldi Cookies

Yes

Yes

No

25

Browser

Brave Cookies

Yes

Yes

No

26

Browser

Chrome Bookmarks

Yes

Yes

No

27

Browser

Chromium Bookmarks

Yes

Yes

No

28

Browser

Edge Bookmarks

Yes

Yes

No

29

Browser

Opera Bookmarks

Yes

Yes

No

30

Browser

Vivaldi Bookmarks

Yes

Yes

No

31

Browser

Brave Bookmarks

Yes

Yes

No

32

Browser

Chrome User Profiles

Yes

Yes

No

33

Browser

Chromium User Profiles

Yes

Yes

No

34

Browser

Edge User Profiles

Yes

Yes

No

35

Browser

Opera User Profiles

Yes

Yes

No

36

Browser

Vivaldi User Profiles

Yes

Yes

No

37

Browser

Brave User Profiles

Yes

Yes

No

38

Browser

Chrome Extensions

Yes

Yes

No

39

Browser

Firefox Extensions

Yes

Yes

No

40

Browser

Chrome Local Storage

Yes

Yes

No

41

Browser

Chromium Local Storage

Yes

Yes

No

42

Browser

Edge Local Storage

Yes

Yes

No

43

Browser

Opera Local Storage

Yes

Yes

No

44

Browser

Vivaldi Local Storage

Yes

Yes

No

45

Browser

Brave Local Storage

Yes

Yes

No

46

Browser

Dump Chrome Indexed DB

Yes

Yes

No

47

Browser

Dump Chromium Indexed DB

Yes

Yes

No

48

Browser

Dump Edge Indexed DB

Yes

Yes

No

49

Browser

Dump Opera Indexed DB

Yes

Yes

No

50

Browser

Dump Vivaldi Indexed DB

Yes

Yes

No

51

Browser

Dump Brave Indexed DB

Yes

Yes

No

52

Browser

Chrome Web Storage

Yes

Yes

No

53

Browser

Chromium Web Storage

Yes

Yes

No

54

Browser

Edge Web Storage

Yes

Yes

No

55

Browser

Opera Web Storage

Yes

Yes

No

56

Browser

Vivaldi Web Storage

Yes

Yes

No

57

Browser

Brave Web Storage

Yes

Yes

No

58

Browser

Chrome Form History

Yes

Yes

No

59

Browser

Chromium Form History

Yes

Yes

No

60

Browser

Edge Form History

Yes

Yes

No

61

Browser

Opera Form History

Yes

Yes

No

62

Browser

Vivaldi Form History

Yes

Yes

No

63

Browser

Brave Form History

Yes

Yes

No

64

Browser

Chrome Thumbnails

Yes

Yes

No

65

Browser

Chromium Thumbnails

Yes

Yes

No

66

Browser

Edge Thumbnails

Yes

Yes

No

67

Browser

Opera Thumbnails

Yes

Yes

No

68

Browser

Vivaldi Thumbnails

Yes

Yes

No

69

Browser

Brave Thumbnails

Yes

Yes

No

70

Browser

Chrome Favicons

Yes

Yes

No

71

Browser

Chromium Favicons

Yes

Yes

No

72

Browser

Edge Favicons

Yes

Yes

No

73

Browser

Opera Favicons

Yes

Yes

No

74

Browser

Vivaldi Favicons

Yes

Yes

No

75

Browser

Brave Favicons

Yes

Yes

No

76

Browser

Chrome Login Data

Yes

Yes

No

77

Browser

Chromium Login Data

Yes

Yes

No

78

Browser

Edge Login Data

Yes

Yes

No

79

Browser

Opera Login Data

Yes

Yes

No

80

Browser

Vivaldi Login Data

Yes

Yes

No

81

Browser

Brave Login Data

Yes

Yes

No

82

Browser

Chrome Sessions

Yes

Yes

No

83

Browser

Chromium Sessions

Yes

Yes

No

84

Browser

Brave Sessions

Yes

Yes

No

85

Browser

Edge Sessions

Yes

Yes

No

86

Browser

Opera Sessions

Yes

Yes

No

87

Browser

Vivaldi Sessions

Yes

Yes

No

88

Browser

Chrome Browsing History

Yes

Yes

No

89

Browser

Firefox Browsing History

Yes

Yes

No

90

Browser

Chromium Browsing History

Yes

Yes

No

91

Browser

Edge Browsing History

Yes

Yes

No

92

Browser

Opera Browsing History

Yes

Yes

No

93

Browser

Vivaldi Browsing History

Yes

Yes

No

94

Browser

Brave Browsing History

Yes

Yes

No

95

Browser

Chrome Downloads

Yes

Yes

No

96

Browser

Chromium Downloads

Yes

Yes

No

97

Browser

Firefox Downloads

Yes

Yes

No

98

Browser

Brave Downloads

Yes

Yes

No

99

Browser

Edge Downloads

Yes

Yes

No

100

Browser

Opera Downloads

Yes

Yes

No

101

Browser

Vivaldi Downloads

Yes

Yes

No

102

Browser

Firefox Cookies

Yes

Yes

No

103

Users

User Groups

Yes

Yes

No

104

Users

Users

Yes

Yes

No

105

Users

Last Access

Yes

Yes

No

106

Users

Logged Users

Yes

Yes

No

107

Users

Shadow

Yes

Yes

No

108

Users

Sudoers

Yes

Yes

No

109

Users

Failed Login Attempts

Yes

Yes

No

110

SSH

SSH Known Hosts

Yes

Yes

No

111

SSH

SSH Authorized Keys

Yes

Yes

No

112

SSH

SSH Configs

Yes

Yes

No

113

SSH

SSHD Configs

Yes

Yes

No

114

Network

Hosts

Yes

Yes

No

115

Network

ICMP Table

Yes

Yes

No

116

Network

IP Routes

Yes

Yes

No

117

Network

IP Tables

Yes

Yes

No

118

Network

Raw Table

Yes

Yes

No

119

Network

Network Interfaces

Yes

Yes

No

120

Network

TCP Table

Yes

Yes

No

121

Network

UDPLite Table

Yes

Yes

No

122

Network

UDP Table

Yes

Yes

No

123

Network

Unix Sockets

Yes

Yes

No

124

Network

ARP Table

Yes

Yes

No

125

Network

DNS Resolvers

Yes

Yes

No

126

Other Evidence

APT Sources

Yes

Yes

No

127

Other Evidence

APT History

Yes

Yes

No

128

Other Evidence

DEB Packages

Yes

Yes

No

129

Other Evidence

YUM Sources

Yes

Yes

No

130

Other Evidence

SELinux Configs

Yes

Yes

No

131

Other Evidence

SELinux Settings

Yes

Yes

No

132

Other Evidence

SUID Binaries

Yes

Yes

No

133

Other Evidence

Shell History

Yes

Yes

No

134

Other Evidence

System Artifacts

Yes

Yes

No

135

Other Evidence

Log Files

Yes

Yes

No

Linux Artifact List

#

Category

Artifact (click for details)

Parsed

Investigation Hub

Source Files Collected

1

Server

Apache Logs

awaits

awaits

awaits

2

Server

NGINX Logs

awaits

awaits

awaits

3

Server

MongoDB Logs

awaits

awaits

awaits

4

Server

MySQL Logs

awaits

awaits

awaits

5

Server

PostgreSQL Logs

awaits

awaits

awaits

6

Server

SSH Server Logs

awaits

awaits

awaits

7

Server

DHCP Server Logs

awaits

awaits

awaits

8

System

System Logs

awaits

awaits

awaits

9

System

Messages

awaits

awaits

awaits

10

System

Auth Logs

awaits

awaits

awaits

11

System

Secure

awaits

awaits

awaits

12

System

Boot Logs

awaits

awaits

awaits

13

System

Kernel Logs

awaits

awaits

awaits

14

System

Mail Logs

awaits

awaits

awaits

15

Docker

Docker Changes

Yes

Yes

No

16

Docker

Docker Containers

Yes

Yes

No

17

Docker

Docker Image History

Yes

Yes

No

18

Docker

Docker Images

Yes

Yes

No

19

Docker

Docker Info

Yes

Yes

No

20

Docker

Docker Networks

Yes

Yes

No

21

Docker

Docker Processes

Yes

Yes

No

22

Docker

Docker Volumes

Yes

Yes

No

23

Docker

Docker Container Logs

Yes

Yes

No

24

Docker

Docker Logs

Yes

Yes

No

25

Communication

AnyDesk Logs

awaits

awaits

awaits

PreviousYUM SourcesNextSystem Controls

Last updated

Was this helpful?