# Boot Logs

## Overview

**Evidence:** Boot Logs\
**Description:** Collect Boot Logs\
**Category:** System\
**Platform:** linux\
**Short Name:** bootl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Linux boot logs contain messages from the boot process including kernel initialization, service startup, hardware detection, and boot-time errors. They capture the system state during boot and initialization sequences.

## Data Collected

This collector gathers structured data about boot logs.

## Collection Method

This collector gathers boot log files from /var/log/boot\*, which record system boot messages, service initialization, and startup sequence events.

## Forensic Value

Boot logs are valuable for investigating system startup issues, rootkit persistence mechanisms, boot-time malware, service startup anomalies, and understanding system configuration at boot time.
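The collection and first-pass review described above, as an added example (not the collector's own code): it copies every file matching `boot*` from a log directory, records a SHA-256, size and mtime for each, and flags startup failures. The function names, the manifest layout and the sample log lines are constructed for illustration, and the `[FAILED]` / `[DEPEND]` markers assume the systemd console status format usually found in `boot.log`.

```python
import glob, gzip, hashlib, json, os, re, shutil, tempfile

ANSI = re.compile(r"\x1b\[[0-9;]*[A-Za-z]")                # colour codes often present in boot.log
STATUS = re.compile(r"^\[\s*(FAILED|DEPEND)\s*\]\s*(.+)$")  # assumed systemd status markers

def read_text(path):
    """Read a boot log, transparently handling rotated .gz copies."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        return fh.read()

def collect_boot_logs(log_dir, dest_dir):
    """Copy log_dir/boot* into dest_dir and return a manifest (list of dicts)."""
    os.makedirs(dest_dir, exist_ok=True)
    manifest = []
    for src in sorted(glob.glob(os.path.join(log_dir, "boot*"))):
        if os.path.islink(src) or not os.path.isfile(src):
            continue                      # skip symlinks and directories
        with open(src, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        st = os.stat(src)
        shutil.copy2(src, dest_dir)       # copy2 keeps the original mtime on the copy
        problems = []
        for line in read_text(src).splitlines():
            m = STATUS.match(ANSI.sub("", line).strip())
            if m:
                problems.append({"status": m.group(1), "message": m.group(2)})
        manifest.append({"file": os.path.basename(src), "sha256": digest,
                         "size": st.st_size, "mtime": int(st.st_mtime),
                         "problems": problems})
    return manifest

def demo():
    """Run against constructed sample logs so the example works offline."""
    root = tempfile.mkdtemp()
    logs, out = os.path.join(root, "log"), os.path.join(root, "evidence")
    os.makedirs(logs)
    sample = ("[\x1b[0;32m  OK  \x1b[0m] Started Example Service A.\n"
              "[\x1b[0;1;31mFAILED\x1b[0m] Failed to start Example Service B.\n")
    with open(os.path.join(logs, "boot.log"), "w") as fh:
        fh.write(sample)
    with gzip.open(os.path.join(logs, "boot.log.1.gz"), "wt") as fh:
        fh.write("[DEPEND] Dependency failed for Example Mount.\n")
    return collect_boot_logs(logs, out)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a live system or a mounted image, call `collect_boot_logs` with the image's `var/log` directory and an evidence folder; hashing the source before copying lets the copy be verified later.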
