Evidence: System Controls
Description: Collect system controls
Category: System
Platform: linux
Short Name: syscntrls
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers system controls (sysctl) information from the Linux system. This data is essential for understanding kernel and system tuning parameters and detecting unauthorized changes.
Data Collected
This collector gathers structured data about system controls.
Collection Method
This collector parses sysctl configuration files and current values, recording them into the system_controls table.
Forensic Value
This evidence is crucial for forensic investigations as it reveals system tuning parameters and changes that might indicate persistence or hardening bypasses.
