Linux Collections
AIR supports the following Linux Evidence and Artifacts
Linux Evidence List
1 | System | System Controls | Collect system controls |
2 | System | Cron Jobs | Collect cron jobs |
3 | System | AppArmor Profiles | Collect AppArmor profiles |
4 | System | ULimit Information | Collect ulimit information |
5 | System | Kernel Modules | Collect kernel modules |
6 | System | Lock Files | Collect lock files |
7 | System | Systemctl Services | Collect Systemctl Running Services |
8 | Disk | Block Devices | Collect block devices |
9 | Disk | Fstab | Collect fstab configuration |
10 | Disk | Mounts | Collect mounts |
11 | Disk | NFS Exports | Collect NFS exports |
12 | File System | File System Enumeration | Dump file and folder information. |
13 | Processes | Processes | Collect process list |
14 | Processes | Process Open Files | Collect process open files information |
15 | Memory | Shared Memory | Collect shared memory |
16 | Memory | Memory Map | Collect memory map |
17 | Memory | Swaps | Collect swap info |
18 | Memory | RAM Image | Create an image of RAM |
19 | Browser | Default Browser | Collect Default Browser |
20 | Browser | Chrome Cookies | Collect Chrome Cookies |
21 | Browser | Chromium Cookies | Collect Chromium Cookies |
22 | Browser | Edge Cookies | Collect Edge Cookies |
23 | Browser | Opera Cookies | Collect Opera Cookies |
24 | Browser | Vivaldi Cookies | Collect Vivaldi Cookies |
25 | Browser | Brave Cookies | Collect Brave Cookies |
26 | Browser | Chrome Bookmarks | Collect Chrome Bookmarks |
27 | Browser | Chromium Bookmarks | Collect Chromium Bookmarks |
28 | Browser | Edge Bookmarks | Collect Edge Bookmarks |
29 | Browser | Opera Bookmarks | Collect Opera Bookmarks |
30 | Browser | Vivaldi Bookmarks | Collect Vivaldi Bookmarks |
31 | Browser | Brave Bookmarks | Collect Brave Bookmarks |
32 | Browser | Chrome User Profiles | Collect Chrome User Profiles |
33 | Browser | Chromium User Profiles | Collect Chromium User Profiles |
34 | Browser | Edge User Profiles | Collect Edge User Profiles |
35 | Browser | Opera User Profiles | Collect Opera User Profiles |
36 | Browser | Vivaldi User Profiles | Collect Vivaldi User Profiles |
37 | Browser | Brave User Profiles | Collect Brave User Profiles |
38 | Browser | Chrome Extensions | Collect Chrome Extensions |
39 | Browser | Chrome Local Storage | Collect Chrome Local Storage |
40 | Browser | Chromium Local Storage | Collect Chromium Local Storage |
41 | Browser | Edge Local Storage | Collect Edge Local Storage |
42 | Browser | Opera Local Storage | Collect Opera Local Storage |
43 | Browser | Vivaldi Local Storage | Collect Vivaldi Local Storage |
44 | Browser | Brave Local Storage | Collect Brave Local Storage |
45 | Browser | Dump Chrome Indexed DB | Dump Chrome Indexed DB |
46 | Browser | Dump Chromium Indexed DB | Dump Chromium Indexed DB |
47 | Browser | Dump Edge Indexed DB | Dump Edge Indexed DB |
48 | Browser | Dump Opera Indexed DB | Dump Opera Indexed DB |
49 | Browser | Dump Vivaldi Indexed DB | Dump Vivaldi Indexed DB |
50 | Browser | Dump Brave Indexed DB | Dump Brave Indexed DB |
51 | Browser | Chrome Web Storage | Collect Chrome Web Storage |
52 | Browser | Chromium Web Storage | Collect Chromium Web Storage |
53 | Browser | Edge Web Storage | Collect Edge Web Storage |
54 | Browser | Opera Web Storage | Collect Opera Web Storage |
55 | Browser | Vivaldi Web Storage | Collect Vivaldi Web Storage |
56 | Browser | Brave Web Storage | Collect Brave Web Storage |
57 | Browser | Chrome Form History | Collect Chrome Form History |
58 | Browser | Chromium Form History | Collect Chromium Form History |
59 | Browser | Edge Form History | Collect Edge Form History |
60 | Browser | Opera Form History | Collect Opera Form History |
61 | Browser | Vivaldi Form History | Collect Vivaldi Form History |
62 | Browser | Brave Form History | Collect Brave Form History |
63 | Browser | Chrome Thumbnails | Collect Chrome Thumbnails |
64 | Browser | Chromium Thumbnails | Collect Chromium Thumbnails |
65 | Browser | Edge Thumbnails | Collect Edge Thumbnails |
66 | Browser | Opera Thumbnails | Collect Opera Thumbnails |
67 | Browser | Vivaldi Thumbnails | Collect Vivaldi Thumbnails |
68 | Browser | Brave Thumbnails | Collect Brave Thumbnails |
69 | Browser | Chrome Favicons | Collect Chrome Favicons |
70 | Browser | Chromium Favicons | Collect Chromium Favicons |
71 | Browser | Edge Favicons | Collect Edge Favicons |
72 | Browser | Opera Favicons | Collect Opera Favicons |
73 | Browser | Vivaldi Favicons | Collect Vivaldi Favicons |
74 | Browser | Brave Favicons | Collect Brave Favicons |
75 | Browser | Chrome Login Data | Collect Chrome Login Data |
76 | Browser | Chromium Login Data | Collect Chromium Login Data |
77 | Browser | Edge Login Data | Collect Edge Login Data |
78 | Browser | Opera Login Data | Collect Opera Login Data |
79 | Browser | Vivaldi Login Data | Collect Vivaldi Login Data |
80 | Browser | Brave Login Data | Collect Brave Login Data |
81 | Browser | Chrome Sessions | Collect Chrome Sessions |
82 | Browser | Chromium Sessions | Collect Chromium Sessions |
83 | Browser | Brave Sessions | Collect Brave Sessions |
84 | Browser | Edge Sessions | Collect Edge Sessions |
85 | Browser | Opera Sessions | Collect Opera Sessions |
86 | Browser | Vivaldi Sessions | Collect Vivaldi Sessions |
87 | Browser | Chrome Browsing History | Collect visited URLs from Google Chrome |
88 | Browser | Firefox Browsing History | Collect visited URLs from Mozilla Firefox |
89 | Browser | Chromium Browsing History | Collect visited URLs from Chromium |
90 | Browser | Edge Browsing History | Collect visited URLs from Edge |
91 | Browser | Opera Browsing History | Collect Visited URLs from Opera |
92 | Browser | Vivaldi Browsing History | Collect visited URLs from Vivaldi |
93 | Browser | Brave Browsing History | Collect visited URLs from Brave |
94 | Browser | Chrome Downloads | Collect Chrome Downloads |
95 | Browser | Chromium Downloads | Collect Chromium Downloads |
96 | Browser | Firefox Downloads | Collect Firefox Downloads |
97 | Browser | Brave Downloads | Collect Brave Downloads |
98 | Browser | Edge Downloads | Collect Edge Downloads |
99 | Browser | Opera Downloads | Collect Opera Downloads |
100 | Browser | Vivaldi Downloads | Collect Vivaldi Downloads |
101 | Browser | Firefox Cookies | Collect Firefox Cookies |
102 | Users | User Groups | Collect user group list |
103 | Users | Users | Collect user list |
104 | Users | Last Access | Collect last access records |
105 | Users | Logged Users | Collect logged user list |
106 | Users | Shadow | Collect shadow content |
107 | Users | Sudoers | Collect sudoers |
108 | Users | Failed Login Attempts | Collect fail login attempts |
109 | SSH | SSH Known Hosts | Collect SSH known hosts |
110 | SSH | SSH Authorized Keys | Collect SSH authorized keys |
111 | SSH | SSH Configs | Collect SSH configurations |
112 | SSH | SSHD Configs | Collect SSHD configurations |
113 | Network | Hosts | Collect hosts |
114 | Network | ICMP Table | Collect ICMP table |
115 | Network | IP Routes | Collect IP routes |
116 | Network | IP Tables | Collect IP tables |
117 | Network | Raw Table | Collect Raw table |
118 | Network | Network Interfaces | Collect network interfaces |
119 | Network | TCP Table | Collect TCP table |
120 | Network | UDPLite Table | Collect UDPLite table |
121 | Network | UDP Table | Collect UDP table |
122 | Network | Unix Sockets | Collect unix sockets |
123 | Network | ARP Table | Collect ARP table |
124 | Network | DNS Resolvers | Collect DNS resolvers |
125 | Other Evidence | APT Sources | Collect APT sources |
126 | Other Evidence | APT History | Collect APT history |
127 | Other Evidence | DEB Packages | Collect Debian packages |
128 | Other Evidence | YUM Sources | Collect YUM sources |
129 | Other Evidence | SELinux Configs | Collect SELinux configurations |
130 | Other Evidence | SELinux Settings | Collect SELinux settings |
131 | Other Evidence | SUID Binaries | Collect SUID binaries |
132 | Other Evidence | Shell History | Collect shell history |
133 | Other Evidence | System Artifacts | Collect system artifacts (Files of collected evidence. For example: /etc/passwd file) |
134 | Other Evidence | Log Files | Collect log files under /var/log/ |
Linux Artifact List
1 | Server | Apache Logs | Collect Apache Logs |
2 | Server | NGINX Logs | Collect NGINX Logs |
3 | Server | MongoDB Logs | Collect MongoDB Logs |
4 | Server | MySQL Logs | Collect MySQL Logs |
5 | Server | PostgreSQL Logs | Collect PostgreSQL Logs |
6 | Server | SSH Server Logs | Collect SSH Server Logs |
7 | Server | DHCP Server Logs | Collect DHCP Server Logs |
8 | System | System Logs | Collect System Logs |
9 | System | Messages | Collect Messages Logs |
10 | System | Auth Logs | Collect Auth Logs |
11 | System | Secure | Collect Secure Logs |
12 | System | Boot Logs | Collect Boot Logs |
13 | System | Kernel Logs | Collect Kernel Logs |
14 | System | Mail Logs | Collect Mail Logs |
15 | Docker | Docker Changes | Collect Docker Changes. |
16 | Docker | Docker Containers | Collect Docker Containers. |
17 | Docker | Docker Image History | Collect Docker Image History. |
18 | Docker | Docker Images | Collect Docker Images. |
19 | Docker | Docker Info | Collect Docker Info. |
20 | Docker | Docker Networks | Collect Docker Networks. |
21 | Docker | Docker Processes | Collect Docker Processes. |
22 | Docker | Docker Volumes | Collect Docker Volumes. |
23 | Communication | AnyDesk Logs | Collect AnyDesk Logs |
Last updated