Back to binalyze.com

Linux Collections

AIR supports the following Linux Evidences

Linux Evidence List

#

Evidence (click for details)

Category

Parsed

Sent to the Investigation Hub

Raw Files Collected

1

APT History

System

Yes

Yes

No

2

APT Sources

System

Yes

Yes

No

3

ARP Table

Network

Yes

Yes

No

4

AnyDesk Logs

Applications

No

No

Yes

5

Apache Logs

Applications

No

No

Yes

6

AppArmor Profiles

System

Yes

Yes

No

7

Auth Logs

System

No

No

Yes

8

Block Devices

DiskFilesystem

Yes

Yes

No

9

Boot Logs

System

No

No

Yes

10

Brave Bookmarks

Applications

Yes

Yes

No

11

Brave Browsing History

Applications

Yes

Yes

No

12

Brave Cookies

Applications

Yes

Yes

No

13

Brave Downloads

Applications

Yes

Yes

No

14

Brave Favicons

Applications

Yes

Yes

No

15

Brave Form History

Applications

Yes

Yes

No

16

Brave Local Storage

Applications

Yes

Yes

No

17

Brave Login Data

Applications

Yes

Yes

No

18

Brave Sessions

Applications

Yes

Yes

No

19

Brave Thumbnails

Applications

Yes

Yes

No

20

Brave User Profiles

Applications

Yes

Yes

No

21

Brave Web Storage

Applications

Yes

Yes

No

22

Chrome Bookmarks

Applications

Yes

Yes

No

23

Chrome Browsing History

Applications

Yes

Yes

No

24

Chrome Cookies

Applications

Yes

Yes

No

25

Chrome Downloads

Applications

Yes

Yes

No

26

Chrome Extensions

Applications

Yes

Yes

No

27

Chrome Favicons

Applications

Yes

Yes

No

28

Chrome Form History

Applications

Yes

Yes

No

29

Chrome Local Storage

Applications

Yes

Yes

No

30

Chrome Login Data

Applications

Yes

Yes

No

31

Chrome Sessions

Applications

Yes

Yes

No

32

Chrome Thumbnails

Applications

Yes

Yes

No

33

Chrome User Profiles

Applications

Yes

Yes

No

34

Chrome Web Storage

Applications

Yes

Yes

No

35

Chromium Bookmarks

Applications

Yes

Yes

No

36

Chromium Browsing History

Applications

Yes

Yes

No

37

Chromium Cookies

Applications

Yes

Yes

No

38

Chromium Downloads

Applications

Yes

Yes

No

39

Chromium Favicons

Applications

Yes

Yes

No

40

Chromium Form History

Applications

Yes

Yes

No

41

Chromium Local Storage

Applications

Yes

Yes

No

42

Chromium Login Data

Applications

Yes

Yes

No

43

Chromium Sessions

Applications

Yes

Yes

No

44

Chromium Thumbnails

Applications

Yes

Yes

No

45

Chromium User Profiles

Applications

Yes

Yes

No

46

Chromium Web Storage

Applications

Yes

Yes

No

47

Cron Jobs

System

Yes

Yes

No

48

DEB Packages

System

Yes

Yes

No

49

DHCP Server Logs

Applications

No

No

Yes

50

DNF History

System

Yes

Yes

No

51

DNS Resolvers

Network

Yes

Yes

No

52

Default Browser

Applications

Yes

Yes

No

53

Docker Changes

Applications

Yes

Yes

No

54

Docker Container Logs

Applications

Yes

Yes

No

55

Docker Containers

Applications

Yes

Yes

No

56

Docker Image History

Applications

Yes

Yes

No

57

Docker Images

Applications

Yes

Yes

No

58

Docker Info

Applications

Yes

Yes

No

59

Docker Logs

Applications

No

No

Yes

60

Docker Networks

Applications

Yes

Yes

No

61

Docker Processes

Applications

Yes

Yes

No

62

Docker Volumes

Applications

Yes

Yes

No

63

Dump Brave Indexed DB

Applications

Yes

Yes

No

64

Dump Chrome Indexed DB

Applications

Yes

Yes

No

65

Dump Chromium Indexed DB

Applications

Yes

Yes

No

66

Dump Edge Indexed DB

Applications

Yes

Yes

No

67

Dump Opera Indexed DB

Applications

Yes

Yes

No

68

Dump Vivaldi Indexed DB

Applications

Yes

Yes

No

69

ETC Files

System

No

Yes

Yes

70

Edge Bookmarks

Applications

Yes

Yes

No

71

Edge Browsing History

Applications

Yes

Yes

No

72

Edge Cookies

Applications

Yes

Yes

No

73

Edge Downloads

Applications

Yes

Yes

No

74

Edge Favicons

Applications

Yes

Yes

No

75

Edge Form History

Applications

Yes

Yes

No

76

Edge Local Storage

Applications

Yes

Yes

No

77

Edge Login Data

Applications

Yes

Yes

No

78

Edge Sessions

Applications

Yes

Yes

No

79

Edge Thumbnails

Applications

Yes

Yes

No

80

Edge User Profiles

Applications

Yes

Yes

No

81

Edge Web Storage

Applications

Yes

Yes

No

82

Failed Login Attempts

System

Yes

Yes

No

83

File System Enumeration as CSV

DiskFilesystem

Yes

No

No

84

Firefox Browsing History

Applications

Yes

Yes

No

85

Firefox Cookies

Applications

Yes

Yes

No

86

Firefox Downloads

Applications

Yes

Yes

No

87

Firefox Extensions

Applications

Yes

Yes

No

88

Fstab

DiskFilesystem

Yes

Yes

No

89

Hosts

Network

Yes

Yes

No

90

ICMP Table

Network

Yes

Yes

No

91

IP Routes

Network

Yes

Yes

No

92

IP Tables

Network

Yes

Yes

No

93

Kernel Logs

System

No

No

Yes

94

Kernel Modules

System

Yes

Yes

No

95

Last Access

System

Yes

Yes

No

96

Lock Files

System

Yes

Yes

No

97

Log Files

System

Yes

Yes

No

98

Logged Users

System

Yes

Yes

No

99

Mail Logs

System

No

No

Yes

100

Memory Map

Memory

Yes

Yes

No

101

Messages

System

No

No

Yes

102

MongoDB Logs

Applications

No

No

Yes

103

Mounts

DiskFilesystem

Yes

Yes

No

104

MySQL Logs

Applications

No

No

Yes

105

NFS Exports

DiskFilesystem

Yes

Yes

No

106

NGINX Logs

Applications

No

No

Yes

107

Network Interfaces

Network

Yes

Yes

No

108

Opera Bookmarks

Applications

Yes

Yes

No

109

Opera Browsing History

Applications

Yes

Yes

No

110

Opera Cookies

Applications

Yes

Yes

No

111

Opera Downloads

Applications

Yes

Yes

No

112

Opera Favicons

Applications

Yes

Yes

No

113

Opera Form History

Applications

Yes

Yes

No

114

Opera Local Storage

Applications

Yes

Yes

No

115

Opera Login Data

Applications

Yes

Yes

No

116

Opera Sessions

Applications

Yes

Yes

No

117

Opera Thumbnails

Applications

Yes

Yes

No

118

Opera User Profiles

Applications

Yes

Yes

No

119

Opera Web Storage

Applications

Yes

Yes

No

120

PostgreSQL Logs

Applications

No

No

Yes

121

Process Open Files

System

Yes

Yes

No

122

Processes

System

Yes

Yes

No

123

RAM Image

Memory

Yes

Yes

No

124

Raw Table

Network

Yes

Yes

No

125

SELinux Configs

System

Yes

Yes

No

126

SELinux Settings

System

Yes

Yes

No

127

SSH Authorized Keys

Network

Yes

Yes

No

128

SSH Configs

Network

Yes

Yes

No

129

SSH Files

Network

No

Yes

Yes

130

SSH Known Hosts

Network

Yes

Yes

No

131

SSH Server Logs

Applications

No

No

Yes

132

SSHD Configs

Network

Yes

Yes

No

133

SUID Binaries

System

Yes

Yes

No

134

Secure

System

No

No

Yes

135

Shadow

System

Yes

Yes

No

136

Shared Memory

Memory

Yes

Yes

No

137

Shell History

System

Yes

Yes

No

138

Sudoers

System

Yes

Yes

No

139

Swaps

Memory

Yes

Yes

No

140

Sysmon Logs

System

Yes

Yes

No

141

System Artifacts

System

Yes

Yes

No

142

System Controls

System

Yes

Yes

No

143

System Logs

System

No

No

Yes

144

Systemctl Services

System

Yes

Yes

No

145

TCP Table

Network

Yes

Yes

No

146

UDP Table

Network

Yes

Yes

No

147

UDPLite Table

Network

Yes

Yes

No

148

ULimit Information

System

Yes

Yes

No

149

Unix Sockets

Network

Yes

Yes

No

150

User Groups

System

Yes

Yes

No

151

Users

System

Yes

Yes

No

152

Vivaldi Bookmarks

Applications

Yes

Yes

No

153

Vivaldi Browsing History

Applications

Yes

Yes

No

154

Vivaldi Cookies

Applications

Yes

Yes

No

155

Vivaldi Downloads

Applications

Yes

Yes

No

156

Vivaldi Favicons

Applications

Yes

Yes

No

157

Vivaldi Form History

Applications

Yes

Yes

No

158

Vivaldi Local Storage

Applications

Yes

Yes

No

159

Vivaldi Login Data

Applications

Yes

Yes

No

160

Vivaldi Sessions

Applications

Yes

Yes

No

161

Vivaldi Thumbnails

Applications

Yes

Yes

No

162

Vivaldi User Profiles

Applications

Yes

Yes

No

163

Vivaldi Web Storage

Applications

Yes

Yes

No

164

YUM History

System

Yes

Yes

No

165

YUM Sources

System

Yes

Yes

No

PreviousXProtect RemediationNextAnyDesk Logs

Last updated

Was this helpful?