Boot Logs

Overview

Evidence: Boot Logs Description: Collect Boot Logs Category: System Platform: linux Short Name: bootl Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Linux boot logs contain messages from the boot process including kernel initialization, service startup, hardware detection, and boot-time errors. They capture the system state during boot and initialization sequences.

Data Collected

This collector gathers structured data about boot logs.

Collection Method

This collector gathers boot log files from /var/log/boot*, which record system boot messages, service initialization, and startup sequence events.

Forensic Value

Boot logs are valuable for investigating system startup issues, rootkit persistence mechanisms, boot-time malware, service startup anomalies, and understanding system configuration at boot time.