Systemctl Services
Overview
Evidence: Systemctl Services
Description: Collect Systemctl Running Services
Category: System
Platform: linux
Short Name: sysctl
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers systemctl service information from the Linux system. This data is essential for understanding system service state, detecting unauthorized service changes, and investigating persistence or service-related security incidents.
Data Collected
This collector gathers structured data about systemctl services.
Collection Method
This collector runs systemctl queries and records results into the systemctl_services table.
Forensic Value
This evidence is crucial for forensic investigations as it provides service status and configuration information. It helps investigators understand active/inactive services, detect unauthorized service modifications, and investigate persistence mechanisms.
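To make the collection and the forensic use concrete, here is an added example that is not the product's own collector code. It runs the same kind of query the page describes (`systemctl list-units` for service units), parses each unit into a record, writes the records into a SQLite table named `systemctl_services`, and then compares two snapshots to flag units that appeared, disappeared, or changed state, which is the "unauthorized service modifications" question an investigator asks of this evidence. The table schema, the two snapshot texts and the unit names in them are constructed for the example; only the `systemctl` command line is real.

```python
"""Collect systemctl service units, store them in a systemctl_services table,
and diff two snapshots to surface service changes (added example, not the
product's collector; schema and sample data are constructed)."""
from __future__ import annotations

import shlex
import sqlite3
import subprocess
from dataclasses import dataclass

# --plain and --no-legend give one unit per line: UNIT LOAD ACTIVE SUB DESCRIPTION
SYSTEMCTL_CMD = "systemctl list-units --type=service --all --no-pager --no-legend --plain"


@dataclass(frozen=True)
class ServiceUnit:
    unit: str
    load: str
    active: str
    sub: str
    description: str


def parse_list_units(text: str) -> list[ServiceUnit]:
    """Parse `systemctl list-units --plain --no-legend` output into records."""
    units: list[ServiceUnit] = []
    for line in text.splitlines():
        parts = line.strip().split(None, 4)  # description may contain spaces
        if len(parts) < 4:
            continue  # blank or malformed line: skip rather than abort collection
        unit, load, active, sub = parts[:4]
        description = parts[4] if len(parts) == 5 else ""
        units.append(ServiceUnit(unit, load, active, sub, description))
    return units


def collect_live() -> list[ServiceUnit]:
    """Run systemctl on this host (only works on a systemd-based Linux system)."""
    proc = subprocess.run(shlex.split(SYSTEMCTL_CMD), capture_output=True, text=True, check=True)
    return parse_list_units(proc.stdout)


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """Create the systemctl_services table (constructed schema) and return the connection."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS systemctl_services ("
        "snapshot_id TEXT, unit TEXT, load TEXT, active TEXT, sub TEXT, description TEXT)"
    )
    return conn


def store(conn: sqlite3.Connection, units: list[ServiceUnit], snapshot_id: str) -> int:
    """Insert one snapshot's units; returns the number of rows written."""
    rows = [(snapshot_id, u.unit, u.load, u.active, u.sub, u.description) for u in units]
    conn.executemany("INSERT INTO systemctl_services VALUES (?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)


def diff_snapshots(baseline: list[ServiceUnit], current: list[ServiceUnit]) -> dict[str, list[str]]:
    """Report units added, removed, or whose active/sub state changed between snapshots."""
    base = {u.unit: u for u in baseline}
    cur = {u.unit: u for u in current}
    common = set(base) & set(cur)
    return {
        "added": sorted(set(cur) - set(base)),
        "removed": sorted(set(base) - set(cur)),
        "state_changed": sorted(
            n for n in common if (base[n].active, base[n].sub) != (cur[n].active, cur[n].sub)
        ),
    }


# Constructed sample output in the `--plain --no-legend` format, for offline use.
BASELINE_SAMPLE = """\
  cron.service           loaded active   running Regular background program processing daemon
  ssh.service            loaded active   running OpenBSD Secure Shell server
  apparmor.service       loaded active   exited  Load AppArmor profiles
"""
CURRENT_SAMPLE = """\
  cron.service           loaded active   running Regular background program processing daemon
  ssh.service            loaded active   running OpenBSD Secure Shell server
  apparmor.service       loaded inactive dead    Load AppArmor profiles
  sys-updater.service    loaded active   running Sys Updater
"""

if __name__ == "__main__":
    conn = open_store()
    store(conn, parse_list_units(BASELINE_SAMPLE), "baseline")
    store(conn, parse_list_units(CURRENT_SAMPLE), "current")
    print(diff_snapshots(parse_list_units(BASELINE_SAMPLE), parse_list_units(CURRENT_SAMPLE)))
```

In the constructed data the diff reports one new unit and one unit whose state went from active/exited to inactive/dead; in practice a reviewer would check each flagged unit's file and its `systemctl status` output rather than trusting the name alone. Replace the sample text with `collect_live()` on a systemd host to snapshot a real system.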