Evidence: Boot Logs
Description: Collect Boot Logs
Category: System
Platform: linux
Short Name: bootl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux boot logs contain messages from the boot process including kernel initialization, service startup, hardware detection, and boot-time errors. They capture the system state during boot and initialization sequences.
Data Collected
This collector gathers structured data about boot logs.
Collection Method
This collector gathers boot log files from /var/log/boot*, which record system boot messages, service initialization, and startup sequence events.
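As an added example, not the collector's own code, a minimal Python version of the method described above: it globs /var/log/boot*, hashes each regular file before and after copying so the manifest can show the evidence was not altered in transit, and writes a JSON manifest beside the copies. The directory, destination and pattern are parameters (the defaults are assumptions, not values from the page).

```python
import glob
import hashlib
import json
import os
import shutil
import time


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large rotated logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect_boot_logs(log_dir="/var/log", dest_dir="bootl_evidence", pattern="boot*"):
    """Copy each regular file matching <log_dir>/<pattern> into dest_dir and
    return a manifest (list of dicts) with source path, copy path, size,
    mtime (UTC) and sha256. The source hash is re-checked on the copy."""
    os.makedirs(dest_dir, exist_ok=True)
    manifest = []
    for src in sorted(glob.glob(os.path.join(log_dir, pattern))):
        if not os.path.isfile(src):       # skip directories and broken symlinks
            continue
        st = os.stat(src)
        digest = sha256_of(src)
        dst = os.path.join(dest_dir, os.path.basename(src))
        shutil.copy2(src, dst)            # copy2 preserves the original timestamps
        if sha256_of(dst) != digest:
            raise RuntimeError(f"copy of {src} does not match source hash")
        manifest.append({
            "source": src,
            "copy": dst,
            "size": st.st_size,
            "mtime": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
            "sha256": digest,
        })
    with open(os.path.join(dest_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


if __name__ == "__main__":
    for entry in collect_boot_logs():
        print(entry["sha256"], entry["size"], entry["source"])
```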
Forensic Value
Boot logs are valuable for investigating system startup issues, rootkit persistence mechanisms, boot-time malware, service startup anomalies, and understanding system configuration at boot time.