Supported Evidence

These pages categorize the supported evidence and artifacts by OS, indicating whether each item is parsed and presented in the Investigation Hub and/or if the associated file is collected.

Windows Collections macOS Collections Linux Collections IBM AIX Collections ESXi Collections

The table below provides a count of the currently supported evidence and artefact items

Collection Type:

File Count

Windows artifact

119

Windows evidence

192

macOS artifact

macOS evidence

178

Linux artifact

Linux evidence

135

AIX artifact

AIX evidence

ESXi evidence

Grand Total

737

PreviousAcquisition Profiles NextWindows Collections

Last updated 5 days ago

Was this helpful?