# Systemctl Services

## Overview

**Evidence:** Systemctl Services\
**Description:** Collect Systemctl Running Services\
**Category:** System\
**Platform:** linux\
**Short Name:** sysctl\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

This collector gathers systemctl service information from the Linux system. This data is essential for understanding system service state, detecting unauthorized service changes, and investigating persistence or service-related security incidents.

## Data Collected

This collector gathers structured data about systemctl services.

## Collection Method

This collector runs systemctl queries and records results into the `systemctl_services` table.

## Forensic Value

This evidence is crucial for forensic investigations as it provides service status and configuration information. It helps investigators understand active/inactive services, detect unauthorized service modifications, and investigate persistence mechanisms.
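The kind of triage described above can be sketched as follows. This is an added example, not the collector's own code: the page does not state the exact command or the columns of `systemctl_services`, so the example assumes the standard `systemctl list-units --type=service --all` columns (UNIT, LOAD, ACTIVE, SUB, DESCRIPTION). The sample output, baseline and required-service sets are constructed.

```python
from typing import NamedTuple

class ServiceRow(NamedTuple):
    unit: str
    load: str
    active: str
    sub: str
    description: str

# Constructed sample of `systemctl list-units --type=service --all` output.
SAMPLE_OUTPUT = """\
  UNIT                  LOAD      ACTIVE   SUB     DESCRIPTION
  cron.service          loaded    active   running Regular background program processing daemon
  ssh.service           loaded    active   running OpenBSD Secure Shell server
● apt-daily.service     loaded    failed   failed  Daily apt download activities
  sync-helper.service   loaded    active   running System sync helper
  rsyslog.service       loaded    inactive dead    System Logging Service
● auditd.service        not-found inactive dead    auditd.service
"""

# Hypothetical baseline for this host image (constructed for the example).
BASELINE = {"cron.service", "ssh.service", "apt-daily.service",
            "rsyslog.service", "auditd.service", "chrony.service"}
REQUIRED_RUNNING = {"rsyslog.service", "auditd.service", "chrony.service"}

def parse_list_units(text):
    """Turn list-units text into ServiceRow records, skipping header/footer lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Failed or not-found units carry a leading status glyph unless --plain is used.
        if fields and fields[0] in {"●", "×", "○", "*"}:
            fields = fields[1:]
        if len(fields) < 4 or not fields[0].endswith(".service"):
            continue
        rows.append(ServiceRow(*fields[:4], " ".join(fields[4:])))
    return rows

def triage(rows, baseline, required_running):
    """Return (unit, reason) pairs an analyst should review."""
    findings = []
    for r in rows:
        if r.unit not in baseline:
            findings.append((r.unit, "not in baseline"))
        elif r.unit in required_running and (r.active, r.sub) != ("active", "running"):
            findings.append((r.unit, f"expected running, found {r.load}/{r.active}/{r.sub}"))
    # A required unit that is absent from the listing is also a finding.
    for unit in sorted(required_running - {r.unit for r in rows}):
        findings.append((unit, "expected running, not listed"))
    return findings

if __name__ == "__main__":
    for unit, reason in triage(parse_list_units(SAMPLE_OUTPUT), BASELINE, REQUIRED_RUNNING):
        print(f"{unit}: {reason}")
```

A unit flagged as "not in baseline" is a lead for review rather than a verdict; the unit file itself still has to be examined to see what it runs.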
