Linux Collections
AIR supports the following Linux Evidence and Artifacts
Last updated
AIR supports the following Linux Evidence and Artifacts
Last updated
1
System
System Controls
Collect system controls
2
System
Cron Jobs
Collect cron jobs
3
System
AppArmor Profiles
Collect AppArmor profiles
4
System
ULimit Information
Collect ulimit information
5
System
Kernel Modules
Collect kernel modules
6
System
Lock Files
Collect lock files
7
System
Systemctl Services
Collect Systemctl Running Services
8
Disk
Block Devices
Collect block devices
9
Disk
Fstab
Collect fstab configuration
10
Disk
Mounts
Collect mounts
11
Disk
NFS Exports
Collect NFS exports
12
File System
File System Enumeration
Dump file and folder information.
13
Processes
Processes
Collect process list
14
Processes
Process Open Files
Collect process open files information
15
Memory
Shared Memory
Collect shared memory
16
Memory
Memory Map
Collect memory map
17
Memory
Swaps
Collect swap info
18
Memory
RAM Image
Create an image of RAM
19
Browser
Default Browser
Collect Default Browser
20
Browser
Chrome Cookies
Collect Chrome Cookies
21
Browser
Chromium Cookies
Collect Chromium Cookies
22
Browser
Edge Cookies
Collect Edge Cookies
23
Browser
Opera Cookies
Collect Opera Cookies
24
Browser
Vivaldi Cookies
Collect Vivaldi Cookies
25
Browser
Brave Cookies
Collect Brave Cookies
26
Browser
Chrome Bookmarks
Collect Chrome Bookmarks
27
Browser
Chromium Bookmarks
Collect Chromium Bookmarks
28
Browser
Edge Bookmarks
Collect Edge Bookmarks
29
Browser
Opera Bookmarks
Collect Opera Bookmarks
30
Browser
Vivaldi Bookmarks
Collect Vivaldi Bookmarks
31
Browser
Brave Bookmarks
Collect Brave Bookmarks
32
Browser
Chrome User Profiles
Collect Chrome User Profiles
33
Browser
Chromium User Profiles
Collect Chromium User Profiles
34
Browser
Edge User Profiles
Collect Edge User Profiles
35
Browser
Opera User Profiles
Collect Opera User Profiles
36
Browser
Vivaldi User Profiles
Collect Vivaldi User Profiles
37
Browser
Brave User Profiles
Collect Brave User Profiles
38
Browser
Chrome Extensions
Collect Chrome Extensions
39
Browser
Chrome Local Storage
Collect Chrome Local Storage
40
Browser
Chromium Local Storage
Collect Chromium Local Storage
41
Browser
Edge Local Storage
Collect Edge Local Storage
42
Browser
Opera Local Storage
Collect Opera Local Storage
43
Browser
Vivaldi Local Storage
Collect Vivaldi Local Storage
44
Browser
Brave Local Storage
Collect Brave Local Storage
45
Browser
Dump Chrome Indexed DB
Dump Chrome Indexed DB
46
Browser
Dump Chromium Indexed DB
Dump Chromium Indexed DB
47
Browser
Dump Edge Indexed DB
Dump Edge Indexed DB
48
Browser
Dump Opera Indexed DB
Dump Opera Indexed DB
49
Browser
Dump Vivaldi Indexed DB
Dump Vivaldi Indexed DB
50
Browser
Dump Brave Indexed DB
Dump Brave Indexed DB
51
Browser
Chrome Web Storage
Collect Chrome Web Storage
52
Browser
Chromium Web Storage
Collect Chromium Web Storage
53
Browser
Edge Web Storage
Collect Edge Web Storage
54
Browser
Opera Web Storage
Collect Opera Web Storage
55
Browser
Vivaldi Web Storage
Collect Vivaldi Web Storage
56
Browser
Brave Web Storage
Collect Brave Web Storage
57
Browser
Chrome Form History
Collect Chrome Form History
58
Browser
Chromium Form History
Collect Chromium Form History
59
Browser
Edge Form History
Collect Edge Form History
60
Browser
Opera Form History
Collect Opera Form History
61
Browser
Vivaldi Form History
Collect Vivaldi Form History
62
Browser
Brave Form History
Collect Brave Form History
63
Browser
Chrome Thumbnails
Collect Chrome Thumbnails
64
Browser
Chromium Thumbnails
Collect Chromium Thumbnails
65
Browser
Edge Thumbnails
Collect Edge Thumbnails
66
Browser
Opera Thumbnails
Collect Opera Thumbnails
67
Browser
Vivaldi Thumbnails
Collect Vivaldi Thumbnails
68
Browser
Brave Thumbnails
Collect Brave Thumbnails
69
Browser
Chrome Favicons
Collect Chrome Favicons
70
Browser
Chromium Favicons
Collect Chromium Favicons
71
Browser
Edge Favicons
Collect Edge Favicons
72
Browser
Opera Favicons
Collect Opera Favicons
73
Browser
Vivaldi Favicons
Collect Vivaldi Favicons
74
Browser
Brave Favicons
Collect Brave Favicons
75
Browser
Chrome Login Data
Collect Chrome Login Data
76
Browser
Chromium Login Data
Collect Chromium Login Data
77
Browser
Edge Login Data
Collect Edge Login Data
78
Browser
Opera Login Data
Collect Opera Login Data
79
Browser
Vivaldi Login Data
Collect Vivaldi Login Data
80
Browser
Brave Login Data
Collect Brave Login Data
81
Browser
Chrome Sessions
Collect Chrome Sessions
82
Browser
Chromium Sessions
Collect Chromium Sessions
83
Browser
Brave Sessions
Collect Brave Sessions
84
Browser
Edge Sessions
Collect Edge Sessions
85
Browser
Opera Sessions
Collect Opera Sessions
86
Browser
Vivaldi Sessions
Collect Vivaldi Sessions
87
Browser
Chrome Browsing History
Collect visited URLs from Google Chrome
88
Browser
Firefox Browsing History
Collect visited URLs from Mozilla Firefox
89
Browser
Chromium Browsing History
Collect visited URLs from Chromium
90
Browser
Edge Browsing History
Collect visited URLs from Edge
91
Browser
Opera Browsing History
Collect Visited URLs from Opera
92
Browser
Vivaldi Browsing History
Collect visited URLs from Vivaldi
93
Browser
Brave Browsing History
Collect visited URLs from Brave
94
Browser
Chrome Downloads
Collect Chrome Downloads
95
Browser
Chromium Downloads
Collect Chromium Downloads
96
Browser
Firefox Downloads
Collect Firefox Downloads
97
Browser
Brave Downloads
Collect Brave Downloads
98
Browser
Edge Downloads
Collect Edge Downloads
99
Browser
Opera Downloads
Collect Opera Downloads
100
Browser
Vivaldi Downloads
Collect Vivaldi Downloads
101
Browser
Firefox Cookies
Collect Firefox Cookies
102
Users
User Groups
Collect user group list
103
Users
Users
Collect user list
104
Users
Last Access
Collect last access records
105
Users
Logged Users
Collect logged user list
106
Users
Shadow
Collect shadow content
107
Users
Sudoers
Collect sudoers
108
Users
Failed Login Attempts
Collect fail login attempts
109
SSH
SSH Known Hosts
Collect SSH known hosts
110
SSH
SSH Authorized Keys
Collect SSH authorized keys
111
SSH
SSH Configs
Collect SSH configurations
112
SSH
SSHD Configs
Collect SSHD configurations
113
Network
Hosts
Collect hosts
114
Network
ICMP Table
Collect ICMP table
115
Network
IP Routes
Collect IP routes
116
Network
IP Tables
Collect IP tables
117
Network
Raw Table
Collect Raw table
118
Network
Network Interfaces
Collect network interfaces
119
Network
TCP Table
Collect TCP table
120
Network
UDPLite Table
Collect UDPLite table
121
Network
UDP Table
Collect UDP table
122
Network
Unix Sockets
Collect unix sockets
123
Network
ARP Table
Collect ARP table
124
Network
DNS Resolvers
Collect DNS resolvers
125
Other Evidence
APT Sources
Collect APT sources
126
Other Evidence
APT History
Collect APT history
127
Other Evidence
DEB Packages
Collect Debian packages
128
Other Evidence
YUM Sources
Collect YUM sources
129
Other Evidence
SELinux Configs
Collect SELinux configurations
130
Other Evidence
SELinux Settings
Collect SELinux settings
131
Other Evidence
SUID Binaries
Collect SUID binaries
132
Other Evidence
Shell History
Collect shell history
133
Other Evidence
System Artifacts
Collect system artifacts (Files of collected evidence. For example: /etc/passwd file)
134
Other Evidence
Log Files
Collect log files under /var/log/
1
Server
Apache Logs
Collect Apache Logs
2
Server
NGINX Logs
Collect NGINX Logs
3
Server
MongoDB Logs
Collect MongoDB Logs
4
Server
MySQL Logs
Collect MySQL Logs
5
Server
PostgreSQL Logs
Collect PostgreSQL Logs
6
Server
SSH Server Logs
Collect SSH Server Logs
7
Server
DHCP Server Logs
Collect DHCP Server Logs
8
System
System Logs
Collect System Logs
9
System
Messages
Collect Messages Logs
10
System
Auth Logs
Collect Auth Logs
11
System
Secure
Collect Secure Logs
12
System
Boot Logs
Collect Boot Logs
13
System
Kernel Logs
Collect Kernel Logs
14
System
Mail Logs
Collect Mail Logs
15
Docker
Docker Changes
Collect Docker Changes.
16
Docker
Docker Containers
Collect Docker Containers.
17
Docker
Docker Image History
Collect Docker Image History.
18
Docker
Docker Images
Collect Docker Images.
19
Docker
Docker Info
Collect Docker Info.
20
Docker
Docker Networks
Collect Docker Networks.
21
Docker
Docker Processes
Collect Docker Processes.
22
Docker
Docker Volumes
Collect Docker Volumes.
23
Docker
Docker Container Logs
Collect Docker Container Logs
24
Docker
Docker Logs
Collect Docker Logs on Filesystem
25
Communication
AnyDesk Logs
Collect AnyDesk Logs