Evidence: Shared Memory
Description: Collect shared memory
Category: Memory
Platform: linux
Short Name: sharedm
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers shared memory information from the Linux system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.
Data Collected
This collector gathers structured data about shared memory.
Collection Method
This collector enumerates System V shared memory segments and records them into the shared_memory table.
Forensic Value
This evidence is crucial for forensic investigations as it provides shared memory usage details that can indicate inter-process communication, potential covert channels, or malware persistence.
