Linux Collections

AIR supports collection of the following Linux evidence types and artifacts. Each entry lists the category the item belongs to, the item name as it appears in the acquisition profile, and what the Responder collects for it.

Linux Evidence List

| # | Category | Evidence | Description |
|---|---|---|---|
| 1 | System | System Controls | Collect system controls |
| 2 | System | Cron Jobs | Collect cron jobs |
| 3 | System | AppArmor Profiles | Collect AppArmor profiles |
| 4 | System | ULimit Information | Collect ulimit information |
| 5 | System | Kernel Modules | Collect kernel modules |
| 6 | System | Lock Files | Collect lock files |
| 7 | System | Systemctl Services | Collect systemctl running services |
| 8 | Disk | Block Devices | Collect block devices |
| 9 | Disk | Fstab | Collect fstab configuration |
| 10 | Disk | Mounts | Collect mounts |
| 11 | Disk | NFS Exports | Collect NFS exports |
| 12 | File System | File System Enumeration | Dump file and folder information |
| 13 | Processes | Processes | Collect process list |
| 14 | Processes | Process Open Files | Collect process open files information |
| 15 | Memory | Shared Memory | Collect shared memory |
| 16 | Memory | Memory Map | Collect memory map |
| 17 | Memory | Swaps | Collect swap info |
| 18 | Memory | RAM Image | Create an image of RAM |
| 19 | Browser | Default Browser | Collect default browser |
| 20 | Browser | Chrome Cookies | Collect Chrome cookies |
| 21 | Browser | Chromium Cookies | Collect Chromium cookies |
| 22 | Browser | Edge Cookies | Collect Edge cookies |
| 23 | Browser | Opera Cookies | Collect Opera cookies |
| 24 | Browser | Vivaldi Cookies | Collect Vivaldi cookies |
| 25 | Browser | Brave Cookies | Collect Brave cookies |
| 26 | Browser | Chrome Bookmarks | Collect Chrome bookmarks |
| 27 | Browser | Chromium Bookmarks | Collect Chromium bookmarks |
| 28 | Browser | Edge Bookmarks | Collect Edge bookmarks |
| 29 | Browser | Opera Bookmarks | Collect Opera bookmarks |
| 30 | Browser | Vivaldi Bookmarks | Collect Vivaldi bookmarks |
| 31 | Browser | Brave Bookmarks | Collect Brave bookmarks |
| 32 | Browser | Chrome User Profiles | Collect Chrome user profiles |
| 33 | Browser | Chromium User Profiles | Collect Chromium user profiles |
| 34 | Browser | Edge User Profiles | Collect Edge user profiles |
| 35 | Browser | Opera User Profiles | Collect Opera user profiles |
| 36 | Browser | Vivaldi User Profiles | Collect Vivaldi user profiles |
| 37 | Browser | Brave User Profiles | Collect Brave user profiles |
| 38 | Browser | Chrome Extensions | Collect Chrome extensions |
| 39 | Browser | Firefox Extensions | Collect Firefox extensions (add-ons) |
| 40 | Browser | Chrome Local Storage | Collect Chrome local storage |
| 41 | Browser | Chromium Local Storage | Collect Chromium local storage |
| 42 | Browser | Edge Local Storage | Collect Edge local storage |
| 43 | Browser | Opera Local Storage | Collect Opera local storage |
| 44 | Browser | Vivaldi Local Storage | Collect Vivaldi local storage |
| 45 | Browser | Brave Local Storage | Collect Brave local storage |
| 46 | Browser | Dump Chrome Indexed DB | Dump Chrome IndexedDB |
| 47 | Browser | Dump Chromium Indexed DB | Dump Chromium IndexedDB |
| 48 | Browser | Dump Edge Indexed DB | Dump Edge IndexedDB |
| 49 | Browser | Dump Opera Indexed DB | Dump Opera IndexedDB |
| 50 | Browser | Dump Vivaldi Indexed DB | Dump Vivaldi IndexedDB |
| 51 | Browser | Dump Brave Indexed DB | Dump Brave IndexedDB |
| 52 | Browser | Chrome Web Storage | Collect Chrome web storage |
| 53 | Browser | Chromium Web Storage | Collect Chromium web storage |
| 54 | Browser | Edge Web Storage | Collect Edge web storage |
| 55 | Browser | Opera Web Storage | Collect Opera web storage |
| 56 | Browser | Vivaldi Web Storage | Collect Vivaldi web storage |
| 57 | Browser | Brave Web Storage | Collect Brave web storage |
| 58 | Browser | Chrome Form History | Collect Chrome form history |
| 59 | Browser | Chromium Form History | Collect Chromium form history |
| 60 | Browser | Edge Form History | Collect Edge form history |
| 61 | Browser | Opera Form History | Collect Opera form history |
| 62 | Browser | Vivaldi Form History | Collect Vivaldi form history |
| 63 | Browser | Brave Form History | Collect Brave form history |
| 64 | Browser | Chrome Thumbnails | Collect Chrome thumbnails |
| 65 | Browser | Chromium Thumbnails | Collect Chromium thumbnails |
| 66 | Browser | Edge Thumbnails | Collect Edge thumbnails |
| 67 | Browser | Opera Thumbnails | Collect Opera thumbnails |
| 68 | Browser | Vivaldi Thumbnails | Collect Vivaldi thumbnails |
| 69 | Browser | Brave Thumbnails | Collect Brave thumbnails |
| 70 | Browser | Chrome Favicons | Collect Chrome favicons |
| 71 | Browser | Chromium Favicons | Collect Chromium favicons |
| 72 | Browser | Edge Favicons | Collect Edge favicons |
| 73 | Browser | Opera Favicons | Collect Opera favicons |
| 74 | Browser | Vivaldi Favicons | Collect Vivaldi favicons |
| 75 | Browser | Brave Favicons | Collect Brave favicons |
| 76 | Browser | Chrome Login Data | Collect Chrome login data |
| 77 | Browser | Chromium Login Data | Collect Chromium login data |
| 78 | Browser | Edge Login Data | Collect Edge login data |
| 79 | Browser | Opera Login Data | Collect Opera login data |
| 80 | Browser | Vivaldi Login Data | Collect Vivaldi login data |
| 81 | Browser | Brave Login Data | Collect Brave login data |
| 82 | Browser | Chrome Sessions | Collect Chrome sessions |
| 83 | Browser | Chromium Sessions | Collect Chromium sessions |
| 84 | Browser | Brave Sessions | Collect Brave sessions |
| 85 | Browser | Edge Sessions | Collect Edge sessions |
| 86 | Browser | Opera Sessions | Collect Opera sessions |
| 87 | Browser | Vivaldi Sessions | Collect Vivaldi sessions |
| 88 | Browser | Chrome Browsing History | Collect visited URLs from Google Chrome |
| 89 | Browser | Firefox Browsing History | Collect visited URLs from Mozilla Firefox |
| 90 | Browser | Chromium Browsing History | Collect visited URLs from Chromium |
| 91 | Browser | Edge Browsing History | Collect visited URLs from Edge |
| 92 | Browser | Opera Browsing History | Collect visited URLs from Opera |
| 93 | Browser | Vivaldi Browsing History | Collect visited URLs from Vivaldi |
| 94 | Browser | Brave Browsing History | Collect visited URLs from Brave |
| 95 | Browser | Chrome Downloads | Collect Chrome downloads |
| 96 | Browser | Chromium Downloads | Collect Chromium downloads |
| 97 | Browser | Firefox Downloads | Collect Firefox downloads |
| 98 | Browser | Brave Downloads | Collect Brave downloads |
| 99 | Browser | Edge Downloads | Collect Edge downloads |
| 100 | Browser | Opera Downloads | Collect Opera downloads |
| 101 | Browser | Vivaldi Downloads | Collect Vivaldi downloads |
| 102 | Browser | Firefox Cookies | Collect Firefox cookies |
| 103 | Users | User Groups | Collect user group list |
| 104 | Users | Users | Collect user list |
| 105 | Users | Last Access | Collect last access records |
| 106 | Users | Logged Users | Collect logged-in user list |
| 107 | Users | Shadow | Collect shadow content |
| 108 | Users | Sudoers | Collect sudoers |
| 109 | Users | Failed Login Attempts | Collect failed login attempts |
| 110 | SSH | SSH Known Hosts | Collect SSH known hosts |
| 111 | SSH | SSH Authorized Keys | Collect SSH authorized keys |
| 112 | SSH | SSH Configs | Collect SSH configurations |
| 113 | SSH | SSHD Configs | Collect SSHD configurations |
| 114 | Network | Hosts | Collect hosts |
| 115 | Network | ICMP Table | Collect ICMP table |
| 116 | Network | IP Routes | Collect IP routes |
| 117 | Network | IP Tables | Collect IP tables |
| 118 | Network | Raw Table | Collect raw table |
| 119 | Network | Network Interfaces | Collect network interfaces |
| 120 | Network | TCP Table | Collect TCP table |
| 121 | Network | UDPLite Table | Collect UDPLite table |
| 122 | Network | UDP Table | Collect UDP table |
| 123 | Network | Unix Sockets | Collect Unix sockets |
| 124 | Network | ARP Table | Collect ARP table |
| 125 | Network | DNS Resolvers | Collect DNS resolvers |
| 126 | Other Evidence | APT Sources | Collect APT sources |
| 127 | Other Evidence | APT History | Collect APT history |
| 128 | Other Evidence | DEB Packages | Collect Debian packages |
| 129 | Other Evidence | YUM Sources | Collect YUM sources |
| 130 | Other Evidence | SELinux Configs | Collect SELinux configurations |
| 131 | Other Evidence | SELinux Settings | Collect SELinux settings |
| 132 | Other Evidence | SUID Binaries | Collect SUID binaries |
| 133 | Other Evidence | Shell History | Collect shell history |
| 134 | Other Evidence | System Artifacts | Collect system artifacts (the files backing collected evidence, for example the /etc/passwd file) |
| 135 | Other Evidence | Log Files | Collect log files under /var/log/ |

Linux Artifact List

| # | Category | Artifact | Description |
|---|---|---|---|
| 1 | Server | Apache Logs | Collect Apache logs |
| 2 | Server | NGINX Logs | Collect NGINX logs |
| 3 | Server | MongoDB Logs | Collect MongoDB logs |
| 4 | Server | MySQL Logs | Collect MySQL logs |
| 5 | Server | PostgreSQL Logs | Collect PostgreSQL logs |
| 6 | Server | SSH Server Logs | Collect SSH server logs |
| 7 | Server | DHCP Server Logs | Collect DHCP server logs |
| 8 | System | System Logs | Collect system logs |
| 9 | System | Messages | Collect messages logs |
| 10 | System | Auth Logs | Collect auth logs |
| 11 | System | Secure | Collect secure logs |
| 12 | System | Boot Logs | Collect boot logs |
| 13 | System | Kernel Logs | Collect kernel logs |
| 14 | System | Mail Logs | Collect mail logs |
| 15 | Docker | Docker Changes | Collect Docker changes |
| 16 | Docker | Docker Containers | Collect Docker containers |
| 17 | Docker | Docker Image History | Collect Docker image history |
| 18 | Docker | Docker Images | Collect Docker images |
| 19 | Docker | Docker Info | Collect Docker info |
| 20 | Docker | Docker Networks | Collect Docker networks |
| 21 | Docker | Docker Processes | Collect Docker processes |
| 22 | Docker | Docker Volumes | Collect Docker volumes |
| 23 | Docker | Docker Container Logs | Collect Docker container logs |
| 24 | Docker | Docker Logs | Collect Docker logs on the filesystem |
| 25 | Communication | AnyDesk Logs | Collect AnyDesk logs |


Last updated 3 months ago
