Raw Table

Overview

Evidence: Raw Table Description: Collect Raw table Category: Network Platform: linux Short Name: rawtab Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers raw socket connection table information from the Linux system. This data is essential for understanding low-level network activity and detecting potentially suspicious raw socket usage.

Data Collected

This collector gathers structured data about raw table.

Collection Method

This collector parses /proc raw socket tables and records entries into the raw_table table.

Forensic Value

This evidence is crucial for forensic investigations as it provides raw socket usage visibility. It helps investigators detect packet crafting tools, covert channels, and low-level networking anomalies.