Evidence: System Artifacts
Description: Collect system artifacts (files of collected evidence, for example the /etc/passwd file)
Category: System
Platform: linux
Short Name: sysartf
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers system artifact information from the Linux system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.
Data Collected
This collector gathers structured data about system artifacts.
Collection Method
This collector parses configured artifact sources and collects files, recording metadata into the system_artifacts table.
Forensic Value
This evidence is crucial for forensic investigations as it provides system artifacts that reveal system changes, unauthorized activities, and potential security vulnerabilities.