Back to binalyze.com

Linux Collections

AIR supports the following Linux Evidence and Artifacts

Linux Evidence List

1

System

System Controls

Collect system controls

2

System

Cron Jobs

Collect cron jobs

3

System

AppArmor Profiles

Collect AppArmor profiles

4

System

ULimit Information

Collect ulimit information

5

System

Kernel Modules

Collect kernel modules

6

System

Lock Files

Collect lock files

7

System

Systemctl Services

Collect Systemctl Running Services

8

Disk

Block Devices

Collect block devices

9

Disk

Fstab

Collect fstab configuration

10

Disk

Mounts

Collect mounts

11

Disk

NFS Exports

Collect NFS exports

12

File System

File System Enumeration

Dump file and folder information.

13

Processes

Processes

Collect process list

14

Processes

Process Open Files

Collect process open files information

15

Memory

Shared Memory

Collect shared memory

16

Memory

Memory Map

Collect memory map

17

Memory

Swaps

Collect swap info

18

Memory

RAM Image

Create an image of RAM

19

Browser

Default Browser

Collect Default Browser

20

Browser

Chrome Cookies

Collect Chrome Cookies

21

Browser

Chromium Cookies

Collect Chromium Cookies

22

Browser

Edge Cookies

Collect Edge Cookies

23

Browser

Opera Cookies

Collect Opera Cookies

24

Browser

Vivaldi Cookies

Collect Vivaldi Cookies

25

Browser

Brave Cookies

Collect Brave Cookies

26

Browser

Chrome Bookmarks

Collect Chrome Bookmarks

27

Browser

Chromium Bookmarks

Collect Chromium Bookmarks

28

Browser

Edge Bookmarks

Collect Edge Bookmarks

29

Browser

Opera Bookmarks

Collect Opera Bookmarks

30

Browser

Vivaldi Bookmarks

Collect Vivaldi Bookmarks

31

Browser

Brave Bookmarks

Collect Brave Bookmarks

32

Browser

Chrome User Profiles

Collect Chrome User Profiles

33

Browser

Chromium User Profiles

Collect Chromium User Profiles

34

Browser

Edge User Profiles

Collect Edge User Profiles

35

Browser

Opera User Profiles

Collect Opera User Profiles

36

Browser

Vivaldi User Profiles

Collect Vivaldi User Profiles

37

Browser

Brave User Profiles

Collect Brave User Profiles

38

Browser

Chrome Extensions

Collect Chrome Extensions

39

Browser

Firefox Extensions

Collect Firefox Extensions (Addons)

40

Browser

Chrome Local Storage

Collect Chrome Local Storage

41

Browser

Chromium Local Storage

Collect Chromium Local Storage

42

Browser

Edge Local Storage

Collect Edge Local Storage

43

Browser

Opera Local Storage

Collect Opera Local Storage

44

Browser

Vivaldi Local Storage

Collect Vivaldi Local Storage

45

Browser

Brave Local Storage

Collect Brave Local Storage

46

Browser

Dump Chrome Indexed DB

Dump Chrome Indexed DB

47

Browser

Dump Chromium Indexed DB

Dump Chromium Indexed DB

48

Browser

Dump Edge Indexed DB

Dump Edge Indexed DB

49

Browser

Dump Opera Indexed DB

Dump Opera Indexed DB

50

Browser

Dump Vivaldi Indexed DB

Dump Vivaldi Indexed DB

51

Browser

Dump Brave Indexed DB

Dump Brave Indexed DB

52

Browser

Chrome Web Storage

Collect Chrome Web Storage

53

Browser

Chromium Web Storage

Collect Chromium Web Storage

54

Browser

Edge Web Storage

Collect Edge Web Storage

55

Browser

Opera Web Storage

Collect Opera Web Storage

56

Browser

Vivaldi Web Storage

Collect Vivaldi Web Storage

57

Browser

Brave Web Storage

Collect Brave Web Storage

58

Browser

Chrome Form History

Collect Chrome Form History

59

Browser

Chromium Form History

Collect Chromium Form History

60

Browser

Edge Form History

Collect Edge Form History

61

Browser

Opera Form History

Collect Opera Form History

62

Browser

Vivaldi Form History

Collect Vivaldi Form History

63

Browser

Brave Form History

Collect Brave Form History

64

Browser

Chrome Thumbnails

Collect Chrome Thumbnails

65

Browser

Chromium Thumbnails

Collect Chromium Thumbnails

66

Browser

Edge Thumbnails

Collect Edge Thumbnails

67

Browser

Opera Thumbnails

Collect Opera Thumbnails

68

Browser

Vivaldi Thumbnails

Collect Vivaldi Thumbnails

69

Browser

Brave Thumbnails

Collect Brave Thumbnails

70

Browser

Chrome Favicons

Collect Chrome Favicons

71

Browser

Chromium Favicons

Collect Chromium Favicons

72

Browser

Edge Favicons

Collect Edge Favicons

73

Browser

Opera Favicons

Collect Opera Favicons

74

Browser

Vivaldi Favicons

Collect Vivaldi Favicons

75

Browser

Brave Favicons

Collect Brave Favicons

76

Browser

Chrome Login Data

Collect Chrome Login Data

77

Browser

Chromium Login Data

Collect Chromium Login Data

78

Browser

Edge Login Data

Collect Edge Login Data

79

Browser

Opera Login Data

Collect Opera Login Data

80

Browser

Vivaldi Login Data

Collect Vivaldi Login Data

81

Browser

Brave Login Data

Collect Brave Login Data

82

Browser

Chrome Sessions

Collect Chrome Sessions

83

Browser

Chromium Sessions

Collect Chromium Sessions

84

Browser

Brave Sessions

Collect Brave Sessions

85

Browser

Edge Sessions

Collect Edge Sessions

86

Browser

Opera Sessions

Collect Opera Sessions

87

Browser

Vivaldi Sessions

Collect Vivaldi Sessions

88

Browser

Chrome Browsing History

Collect visited URLs from Google Chrome

89

Browser

Firefox Browsing History

Collect visited URLs from Mozilla Firefox

90

Browser

Chromium Browsing History

Collect visited URLs from Chromium

91

Browser

Edge Browsing History

Collect visited URLs from Edge

92

Browser

Opera Browsing History

Collect Visited URLs from Opera

93

Browser

Vivaldi Browsing History

Collect visited URLs from Vivaldi

94

Browser

Brave Browsing History

Collect visited URLs from Brave

95

Browser

Chrome Downloads

Collect Chrome Downloads

96

Browser

Chromium Downloads

Collect Chromium Downloads

97

Browser

Firefox Downloads

Collect Firefox Downloads

98

Browser

Brave Downloads

Collect Brave Downloads

99

Browser

Edge Downloads

Collect Edge Downloads

100

Browser

Opera Downloads

Collect Opera Downloads

101

Browser

Vivaldi Downloads

Collect Vivaldi Downloads

102

Browser

Firefox Cookies

Collect Firefox Cookies

103

Users

User Groups

Collect user group list

104

Users

Users

Collect user list

105

Users

Last Access

Collect last access records

106

Users

Logged Users

Collect logged user list

107

Users

Shadow

Collect shadow content

108

Users

Sudoers

Collect sudoers

109

Users

Failed Login Attempts

Collect fail login attempts

110

SSH

SSH Known Hosts

Collect SSH known hosts

111

SSH

SSH Authorized Keys

Collect SSH authorized keys

112

SSH

SSH Configs

Collect SSH configurations

113

SSH

SSHD Configs

Collect SSHD configurations

114

Network

Hosts

Collect hosts

115

Network

ICMP Table

Collect ICMP table

116

Network

IP Routes

Collect IP routes

117

Network

IP Tables

Collect IP tables

118

Network

Raw Table

Collect Raw table

119

Network

Network Interfaces

Collect network interfaces

120

Network

TCP Table

Collect TCP table

121

Network

UDPLite Table

Collect UDPLite table

122

Network

UDP Table

Collect UDP table

123

Network

Unix Sockets

Collect unix sockets

124

Network

ARP Table

Collect ARP table

125

Network

DNS Resolvers

Collect DNS resolvers

126

Other Evidence

APT Sources

Collect APT sources

127

Other Evidence

APT History

Collect APT history

128

Other Evidence

DEB Packages

Collect Debian packages

129

Other Evidence

YUM Sources

Collect YUM sources

130

Other Evidence

SELinux Configs

Collect SELinux configurations

131

Other Evidence

SELinux Settings

Collect SELinux settings

132

Other Evidence

SUID Binaries

Collect SUID binaries

133

Other Evidence

Shell History

Collect shell history

134

Other Evidence

System Artifacts

Collect system artifacts (Files of collected evidence. For example: /etc/passwd file)

135

Other Evidence

Log Files

Collect log files under /var/log/

Linux Artifact List

1

Server

Apache Logs

Collect Apache Logs

2

Server

NGINX Logs

Collect NGINX Logs

3

Server

MongoDB Logs

Collect MongoDB Logs

4

Server

MySQL Logs

Collect MySQL Logs

5

Server

PostgreSQL Logs

Collect PostgreSQL Logs

6

Server

SSH Server Logs

Collect SSH Server Logs

7

Server

DHCP Server Logs

Collect DHCP Server Logs

8

System

System Logs

Collect System Logs

9

System

Messages

Collect Messages Logs

10

System

Auth Logs

Collect Auth Logs

11

System

Secure

Collect Secure Logs

12

System

Boot Logs

Collect Boot Logs

13

System

Kernel Logs

Collect Kernel Logs

14

System

Mail Logs

Collect Mail Logs

15

Docker

Docker Changes

Collect Docker Changes.

16

Docker

Docker Containers

Collect Docker Containers.

17

Docker

Docker Image History

Collect Docker Image History.

18

Docker

Docker Images

Collect Docker Images.

19

Docker

Docker Info

Collect Docker Info.

20

Docker

Docker Networks

Collect Docker Networks.

21

Docker

Docker Processes

Collect Docker Processes.

22

Docker

Docker Volumes

Collect Docker Volumes.

23

Docker

Docker Container Logs

Collect Docker Container Logs

24

Docker

Docker Logs

Collect Docker Logs on Filesystem

25

Communication

AnyDesk Logs

Collect AnyDesk Logs

PreviousmacOS CollectionsNextIBM AIX Collections

Last updated