Linux Collections
Linux Evidence List
Category | Name | Collection Type |
---|---|---|
System | System Controls | Parsed & presented in Investigation Hub |
System | Cron Jobs | Parsed & presented in Investigation Hub |
System | AppArmor Profiles | Parsed & presented in Investigation Hub |
System | ULimit Information | Parsed & presented in Investigation Hub |
System | Kernel Modules | Parsed & presented in Investigation Hub |
System | Lock Files | Parsed & presented in Investigation Hub |
System | Systemctl Services | Parsed & presented in Investigation Hub |
Disk | Block Devices | Parsed & presented in Investigation Hub |
Disk | Fstab | Parsed & presented in Investigation Hub |
Disk | Mounts | Parsed & presented in Investigation Hub |
Disk | NFS Exports | Parsed & presented in Investigation Hub |
File System | File System Enumeration | Parsed & presented in Investigation Hub |
Processes | Processes | Parsed & presented in Investigation Hub |
Processes | Process Open Files | Parsed & presented in Investigation Hub |
Memory | Shared Memory | Parsed & presented in Investigation Hub |
Memory | Memory Map | Parsed & presented in Investigation Hub |
Memory | Swaps | Parsed & presented in Investigation Hub |
Memory | RAM Image | Parsed & presented in Investigation Hub |
Browser | Default Browser | Parsed & presented in Investigation Hub |
Browser | Chrome Bookmarks | Parsed & presented in Investigation Hub |
Browser | Chrome Cookies | Parsed & presented in Investigation Hub |
Browser | Chrome User Profiles | Parsed & presented in Investigation Hub |
Browser | Chrome Extensions | Parsed & presented in Investigation Hub |
Browser | Chrome Local Storage | Parsed & presented in Investigation Hub |
Browser | Chrome IndexedDB | Parsed & presented in Investigation Hub |
Browser | Chrome Web Storage | Parsed & presented in Investigation Hub |
Browser | Chrome Form History | Parsed & presented in Investigation Hub |
Browser | Chrome Thumbnails | Parsed & presented in Investigation Hub |
Browser | Chrome Favicons | Parsed & presented in Investigation Hub |
Browser | Chrome Sessions | Parsed & presented in Investigation Hub |
Browser | Chrome Login Data | Parsed & presented in Investigation Hub |
Browser | Chrome Browsing History | Parsed & presented in Investigation Hub |
Browser | Firefox Browsing History | Parsed & presented in Investigation Hub |
Browser | Chromium Browsing History | Parsed & presented in Investigation Hub |
Browser | Edge Browsing History | Parsed & presented in Investigation Hub |
Browser | Opera Browsing History | Parsed & presented in Investigation Hub |
Browser | Vivaldi Browsing History | Parsed & presented in Investigation Hub |
Browser | Brave Browsing History | Parsed & presented in Investigation Hub |
Browser | Chrome Downloads | Parsed & presented in Investigation Hub |
Browser | Chromium Downloads | Parsed & presented in Investigation Hub |
Browser | Firefox Downloads | Parsed & presented in Investigation Hub |
Browser | Brave Downloads | Parsed & presented in Investigation Hub |
Browser | Edge Downloads | Parsed & presented in Investigation Hub |
Browser | Opera Downloads | Parsed & presented in Investigation Hub |
Browser | Vivaldi Downloads | Parsed & presented in Investigation Hub |
Browser | Firefox Cookies | Parsed & presented in Investigation Hub |
Users | User Groups | Parsed & presented in Investigation Hub |
Users | Users | Parsed & presented in Investigation Hub |
Users | Last Access | Parsed & presented in Investigation Hub |
Users | Logged Users | Parsed & presented in Investigation Hub |
Users | Shadow | Parsed & presented in Investigation Hub |
Users | Sudoers | Parsed & presented in Investigation Hub |
Users | Failed Login Attempts | Parsed & presented in Investigation Hub |
SSH | SSH Known Hosts | Parsed & presented in Investigation Hub |
SSH | SSH Authorized Keys | Parsed & presented in Investigation Hub |
SSH | SSH Configs | Parsed & presented in Investigation Hub |
SSH | SSHD Configs | Parsed & presented in Investigation Hub |
Network | Hosts | Parsed & presented in Investigation Hub |
Network | ICMP Table | Parsed & presented in Investigation Hub |
Network | IP Routes | Parsed & presented in Investigation Hub |
Network | IP Tables | Parsed & presented in Investigation Hub |
Network | Raw Table | Parsed & presented in Investigation Hub |
Network | Network Interfaces | Parsed & presented in Investigation Hub |
Network | TCP Table | Parsed & presented in Investigation Hub |
Network | UDPLite Table | Parsed & presented in Investigation Hub |
Network | UDP Table | Parsed & presented in Investigation Hub |
Network | Unix Sockets | Parsed & presented in Investigation Hub |
Network | ARP Table | Parsed & presented in Investigation Hub |
Network | DNS Resolvers | Parsed & presented in Investigation Hub |
Other Evidence | APT Sources | Parsed & presented in Investigation Hub |
Other Evidence | APT History | Parsed & presented in Investigation Hub |
Other Evidence | DEB Packages | Parsed & presented in Investigation Hub |
Other Evidence | YUM Sources | Parsed & presented in Investigation Hub |
Other Evidence | SELinux Configs | Parsed & presented in Investigation Hub |
Other Evidence | SELinux Settings | Parsed & presented in Investigation Hub |
Other Evidence | SUID Binaries | Parsed & presented in Investigation Hub |
Other Evidence | Shell History | Parsed & presented in Investigation Hub |
Other Evidence | System Artifacts | Parsed & presented in Investigation Hub |
Other Evidence | Log Files | Parsed & presented in Investigation Hub |
Linux Artifact List
Category | Name | Collection Type |
---|---|---|
Server | Apache Logs | File Collected |
Server | NGINX Logs | File Collected |
Server | MongoDB Logs | File Collected |
Server | MySQL Logs | File Collected |
Server | PostgreSQL Logs | File Collected |
Server | SSH Server Logs | File Collected |
Server | DHCP Server Logs | File Collected |
System | System Logs | File Collected |
System | Messages | File Collected |
System | Auth Logs | File Collected |
System | Secure | File Collected |
System | Boot Logs | File Collected |
System | Kernel Logs | File Collected |
System | Mail Logs | File Collected |
Docker | Docker Changes | Parsed & presented in Investigation Hub |
Docker | Docker Containers | Parsed & presented in Investigation Hub |
Docker | Docker Image History | Parsed & presented in Investigation Hub |
Docker | Docker Images | Parsed & presented in Investigation Hub |
Docker | Docker Info | Parsed & presented in Investigation Hub |
Docker | Docker Networks | Parsed & presented in Investigation Hub |
Docker | Docker Processes | Parsed & presented in Investigation Hub |
Docker | Docker Volumes | Parsed & presented in Investigation Hub |
Communication | AnyDesk Logs | File Collected |