System Artifacts
Overview
Section titled “Overview”Evidence: System Artifacts
Description: Collect system artifacts (Files of collected evidence. For example: /etc/passwd file)
Category: System
Platform: aix
Short Name: sysartf
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”This collector gathers system artifacts information from the Linux system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.
Data Collected
Section titled “Data Collected”This collector gathers structured data about system artifacts.
Collection Method
Section titled “Collection Method”This collector parses configured artifact sources and collects files, recording metadata into the system_artifacts table.
Forensic Value
Section titled “Forensic Value”This evidence is crucial for forensic investigations as it provides system artifacts that reveal system changes, unauthorized activities, and potential security vulnerabilities.