Lock Files

Overview

Evidence: Lock Files Description: Collect lock files Category: System Platform: linux Short Name: lckfls Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers lock files information from the Linux system. This data is essential for understanding process/file locking behavior, detecting contention or misuse, and investigating system-related events.

Data Collected

This collector gathers structured data about lock files.

Collection Method

This collector parses process file descriptor info and lock metadata and records it into the lock_files table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals locked resources and processes holding them, helping identify sabotage, ransomware behavior, or resource contention.