Evidence: Lock Files
Description: Collect lock files
Category: System
Platform: linux
Short Name: lckfls
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers lock file information from the Linux system. This data is essential for understanding process/file locking behavior, detecting contention or misuse, and investigating system-related events.
Data Collected
This collector gathers structured data about lock files.
Collection Method
This collector parses process file descriptor info and lock metadata and records it into the lock_files table.
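The page does not name the collector's data sources. Assuming the kernel's /proc/locks listing is one of them, this added example (not the product's own code) parses that format from a constructed sample and reports which locks have blocked waiters and how many write locks each PID holds. The row field names are hypothetical and are not the lock_files table schema.

```python
import re
from collections import Counter

# Constructed sample in /proc/locks format (not captured from a real host).
SAMPLE = """\
1: POSIX  ADVISORY  WRITE 1234 08:01:131090 0 EOF
1: -> POSIX  ADVISORY  WRITE 1240 08:01:131090 0 EOF
2: FLOCK  ADVISORY  WRITE 987 00:17:452 0 EOF
3: POSIX  ADVISORY  READ  2001 08:01:262200 128 255
"""

# id, optional "->" (blocked waiter), class, mode, access, pid, major:minor:inode, range
LINE = re.compile(
    r"^(?P<id>\d+):\s+(?P<blocked>->\s+)?(?P<cls>\S+)\s+(?P<mode>\S+)\s+"
    r"(?P<access>\S+)\s+(?P<pid>-?\d+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+):(?P<inode>\d+)\s+(?P<start>\d+)\s+(?P<end>\d+|EOF)$"
)

def parse_locks(text):
    """Parse /proc/locks text into dict rows (field names are hypothetical)."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected layout
        rows.append({
            "lock_id": int(m["id"]), "blocked": m["blocked"] is not None,
            "lock_class": m["cls"], "mode": m["mode"], "access": m["access"],
            "pid": int(m["pid"]), "device": m["dev"], "inode": int(m["inode"]),
            "start": int(m["start"]),
            "end": None if m["end"] == "EOF" else int(m["end"]),
        })
    return rows

def contended(rows):
    """Map (device, inode) -> holder PID and waiting PIDs, for locks with waiters."""
    holders = {r["lock_id"]: r for r in rows if not r["blocked"]}
    result = {}
    for r in rows:
        if r["blocked"] and r["lock_id"] in holders:
            h = holders[r["lock_id"]]
            entry = result.setdefault((h["device"], h["inode"]),
                                      {"holder": h["pid"], "waiters": []})
            entry["waiters"].append(r["pid"])
    return result

def write_locks_per_pid(rows):
    """Count held (not waiting) write locks per PID."""
    return Counter(r["pid"] for r in rows if r["access"] == "WRITE" and not r["blocked"])
```

/proc/locks identifies files only by device and inode, so resolving a row to a path means matching the inode against the holder's open file descriptors under /proc/<pid>/fd.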
Forensic Value
This evidence is crucial for forensic investigations as it reveals locked resources and processes holding them, helping identify sabotage, ransomware behavior, or resource contention.