System Controls

Overview

Evidence: System Controls Description: Collect system controls Category: System Platform: linux Short Name: syscntrls Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers system controls (sysctl) information from the Linux system. This data is essential for understanding kernel and system tuning parameters and detecting unauthorized changes.

Data Collected

This collector gathers structured data about system controls.

Collection Method

This collector parses sysctl configuration files and current values, recording them into the system_controls table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals system tuning parameters and changes that might indicate persistence or hardening bypasses.