Shared Memory

Overview

Evidence: Shared Memory
Description: Collect shared memory
Category: Memory
Platform: linux
Short Name: sharedm
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers information about the System V shared memory segments that exist on a Linux system at collection time. System V shared memory is a kernel-managed IPC mechanism: a segment created with shmget() can be attached with shmat() by any process whose credentials satisfy the segment's permission bits, and the segment persists until it is explicitly removed (IPC_RMID) or the system reboots, even after every process has detached from it. A snapshot of the segments, with their owners, sizes, permission bits and attach counts, therefore helps reconstruct which processes were exchanging data and whether anything is holding memory outside the normal process lifecycle.

Data Collected

This collector gathers structured data about shared memory: one record per System V shared memory segment. The attributes the Linux kernel exposes for each segment (through /proc/sysvipc/shm, the same data ipcs -m reports) are the IPC key, segment ID, permission bits, size, creator and last-operator PIDs, current attach count, owner and creator UID/GID, and the last attach, detach and change timestamps.

Collection Method

This collector enumerates the System V shared memory segments visible on the host and records one row per segment into the shared_memory table. No files are collected; the output is the parsed table only.

Two scope caveats apply to any System V enumeration on Linux. First, System V IPC objects are per IPC namespace, so a collector running in the host's IPC namespace will not see segments created inside a container that has its own IPC namespace. Second, POSIX shared memory (shm_open(), backed by files under /dev/shm) and memory-mapped files are different mechanisms and are not System V segments, so they do not appear in this evidence.

Forensic Value

This evidence is valuable for forensic investigations because it shows shared memory usage details that can indicate inter-process communication, potential covert channels, or malware persistence. Concrete things an investigator can read from it: segments with an attach count of zero that are not marked for destruction (data staged by a process that has since exited, or a payload left for another process to pick up), segments with world-writable permission bits (any local user can read or modify the contents), segments whose creator PID no longer corresponds to a running process, and segments attached by processes that have no legitimate reason to share state with each other (a possible channel between injected code and its controller).
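As an added example (not the collector's own code, nor the schema of the shared_memory table), the following Python script shows what such an enumeration and the triage described above look like on Linux. It parses the /proc/sysvipc/shm table (the source behind ipcs -m), decodes the octal perms column including the SHM_DEST and SHM_LOCKED flag bits, and flags world-writable, orphaned and creator-dead segments. The sample input is constructed to resemble the kernel's layout; the ShmSegment class, the function names and the triage rules are this example's own assumptions.

```python
"""Added example: enumerate and triage System V shared memory segments on Linux.

Reads /proc/sysvipc/shm (the source behind `ipcs -m`) into one record per
segment and flags the conditions an investigator looks for. Field and class
names here are this example's own, not the collector's shared_memory schema.
"""
import os
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List

# Flag bits the kernel ORs into the perms column (values from <linux/shm.h>).
SHM_DEST = 0o1000    # destroy when the last process detaches (IPC_RMID already issued)
SHM_LOCKED = 0o2000  # pages locked in RAM via SHM_LOCK

# Column order of /proc/sysvipc/shm as printed by the kernel.
COLUMNS = ("key", "shmid", "perms", "size", "cpid", "lpid", "nattch", "uid", "gid",
           "cuid", "cgid", "atime", "dtime", "ctime", "rss", "swap")

# Constructed sample in the /proc/sysvipc/shm layout (not captured from a real host):
# shmid 1 is a normal private segment with two attachers, already marked for
# destruction; shmid 5 is world-writable, has no attachers and a dead creator.
SAMPLE_PROC_SHM = """\
       key      shmid perms                  size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime                   rss                  swap
         0          1  1600                524288  1234  1234      2  1000  1000  1000  1000 1700000000 1700000005 1699999990                524288                     0
1234567890          5   666              16777216  4321     0      0     0     0     0     0 1700000100          0 1700000100              16777216                     0
"""


@dataclass
class ShmSegment:
    key: int      # IPC key; 0 means IPC_PRIVATE (reachable only via shmid)
    shmid: int
    perms: int    # raw mode word: rwx bits plus SHM_DEST / SHM_LOCKED flags
    size: int     # bytes requested at shmget()
    cpid: int     # creator PID
    lpid: int     # PID of the last shmat()/shmdt() caller, 0 if none yet
    nattch: int   # processes currently attached
    uid: int
    gid: int
    cuid: int     # creator UID
    cgid: int
    atime: int    # last attach, detach, change (epoch seconds, 0 if never)
    dtime: int
    ctime: int
    rss: int      # resident bytes
    swap: int     # swapped-out bytes

    @property
    def mode(self) -> int:
        """Permission bits only, flag bits stripped."""
        return self.perms & 0o777

    @property
    def marked_for_destruction(self) -> bool:
        return bool(self.perms & SHM_DEST)


def parse_sysvipc_shm(text: str) -> List[ShmSegment]:
    """Parse the /proc/sysvipc/shm text into segment records, skipping the header."""
    segments = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or fields[0] == "key":
            continue  # header line or a row with an unexpected shape
        values = {name: int(raw, 8) if name == "perms" else int(raw)
                  for name, raw in zip(COLUMNS, fields)}
        segments.append(ShmSegment(**values))
    return segments


def collect_segments(path: str = "/proc/sysvipc/shm") -> List[ShmSegment]:
    """Read the live table; only sees segments in the caller's IPC namespace."""
    with open(path, encoding="ascii") as f:
        return parse_sysvipc_shm(f.read())


def pid_running(pid: int) -> bool:
    return os.path.exists(f"/proc/{pid}")


def triage(segments: List[ShmSegment],
           pid_alive: Callable[[int], bool] = pid_running) -> Dict[int, List[str]]:
    """Map shmid -> reasons a segment deserves a closer look."""
    findings: Dict[int, List[str]] = {}
    for s in segments:
        reasons = []
        if s.mode & 0o002:
            reasons.append("world-writable: any local user can read and modify it")
        if s.nattch == 0 and not s.marked_for_destruction:
            reasons.append("orphaned: no attacher, persists until IPC_RMID or reboot")
        if not pid_alive(s.cpid):
            reasons.append(f"creator pid {s.cpid} no longer running")
        if reasons:
            findings[s.shmid] = reasons
    return findings


def to_rows(segments: List[ShmSegment]) -> List[dict]:
    """Flatten records into dicts, the shape a table-style sink would store."""
    return [dict(asdict(s), mode=oct(s.mode)) for s in segments]


if __name__ == "__main__":
    segs = parse_sysvipc_shm(SAMPLE_PROC_SHM)  # use collect_segments() on a live host
    for row in to_rows(segs):
        print(row)
    for shmid, why in triage(segs, pid_alive=lambda pid: pid == 1234).items():
        print(f"shmid {shmid}: " + "; ".join(why))
```

The perms column is decoded as octal before the flag bits are masked off; reading it as decimal is a common mistake that silently mislabels every segment's permissions. The liveness check is injectable so the same triage runs against a table captured from another host, where the local /proc says nothing about the creator PIDs.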
