Linux Collections
Linux Evidence List
Section titled “Linux Evidence List”| # | Evidence (click for details) |
Category | Parsed | Sent to the Investigation Hub |
Raw Files Collected |
| 1 | APT History | System | Yes | Yes | No |
| 2 | APT Sources | System | Yes | Yes | No |
| 3 | ARP Table | Network | Yes | Yes | No |
| 4 | AnyDesk Logs | Applications | No | No | Yes |
| 5 | Apache Logs | Applications | No | No | Yes |
| 6 | AppArmor Profiles | System | Yes | Yes | No |
| 7 | Auth Logs | System | No | No | Yes |
| 8 | Block Devices | DiskFilesystem | Yes | Yes | No |
| 9 | Boot Logs | System | No | No | Yes |
| 10 | Brave Bookmarks | Applications | Yes | Yes | No |
| 11 | Brave Browsing History | Applications | Yes | Yes | No |
| 12 | Brave Cookies | Applications | Yes | Yes | No |
| 13 | Brave Downloads | Applications | Yes | Yes | No |
| 14 | Brave Favicons | Applications | Yes | Yes | No |
| 15 | Brave Form History | Applications | Yes | Yes | No |
| 16 | Brave Local Storage | Applications | Yes | Yes | No |
| 17 | Brave Login Data | Applications | Yes | Yes | No |
| 18 | Brave Sessions | Applications | Yes | Yes | No |
| 19 | Brave Thumbnails | Applications | Yes | Yes | No |
| 20 | Brave User Profiles | Applications | Yes | Yes | No |
| 21 | Brave Web Storage | Applications | Yes | Yes | No |
| 22 | Chrome Bookmarks | Applications | Yes | Yes | No |
| 23 | Chrome Browsing History | Applications | Yes | Yes | No |
| 24 | Chrome Cookies | Applications | Yes | Yes | No |
| 25 | Chrome Downloads | Applications | Yes | Yes | No |
| 26 | Chrome Extensions | Applications | Yes | Yes | No |
| 27 | Chrome Favicons | Applications | Yes | Yes | No |
| 28 | Chrome Form History | Applications | Yes | Yes | No |
| 29 | Chrome Local Storage | Applications | Yes | Yes | No |
| 30 | Chrome Login Data | Applications | Yes | Yes | No |
| 31 | Chrome Sessions | Applications | Yes | Yes | No |
| 32 | Chrome Thumbnails | Applications | Yes | Yes | No |
| 33 | Chrome User Profiles | Applications | Yes | Yes | No |
| 34 | Chrome Web Storage | Applications | Yes | Yes | No |
| 35 | Chromium Bookmarks | Applications | Yes | Yes | No |
| 36 | Chromium Browsing History | Applications | Yes | Yes | No |
| 37 | Chromium Cookies | Applications | Yes | Yes | No |
| 38 | Chromium Downloads | Applications | Yes | Yes | No |
| 39 | Chromium Favicons | Applications | Yes | Yes | No |
| 40 | Chromium Form History | Applications | Yes | Yes | No |
| 41 | Chromium Local Storage | Applications | Yes | Yes | No |
| 42 | Chromium Login Data | Applications | Yes | Yes | No |
| 43 | Chromium Sessions | Applications | Yes | Yes | No |
| 44 | Chromium Thumbnails | Applications | Yes | Yes | No |
| 45 | Chromium User Profiles | Applications | Yes | Yes | No |
| 46 | Chromium Web Storage | Applications | Yes | Yes | No |
| 47 | Cron Jobs | System | Yes | Yes | No |
| 48 | DEB Packages | System | Yes | Yes | No |
| 49 | DHCP Server Logs | Applications | No | No | Yes |
| 50 | DNF History | System | Yes | Yes | No |
| 51 | DNS Resolvers | Network | Yes | Yes | No |
| 52 | Default Browser | Applications | Yes | Yes | No |
| 53 | Docker Changes | Applications | Yes | Yes | No |
| 54 | Docker Container Logs | Applications | Yes | Yes | No |
| 55 | Docker Containers | Applications | Yes | Yes | No |
| 56 | Docker Image History | Applications | Yes | Yes | No |
| 57 | Docker Images | Applications | Yes | Yes | No |
| 58 | Docker Info | Applications | Yes | Yes | No |
| 59 | Docker Logs | Applications | No | No | Yes |
| 60 | Docker Networks | Applications | Yes | Yes | No |
| 61 | Docker Processes | Applications | Yes | Yes | No |
| 62 | Docker Volumes | Applications | Yes | Yes | No |
| 63 | Dump Brave Indexed DB | Applications | Yes | Yes | No |
| 64 | Dump Chrome Indexed DB | Applications | Yes | Yes | No |
| 65 | Dump Chromium Indexed DB | Applications | Yes | Yes | No |
| 66 | Dump Edge Indexed DB | Applications | Yes | Yes | No |
| 67 | Dump Opera Indexed DB | Applications | Yes | Yes | No |
| 68 | Dump Vivaldi Indexed DB | Applications | Yes | Yes | No |
| 69 | ETC Files | System | No | Yes | Yes |
| 70 | Edge Bookmarks | Applications | Yes | Yes | No |
| 71 | Edge Browsing History | Applications | Yes | Yes | No |
| 72 | Edge Cookies | Applications | Yes | Yes | No |
| 73 | Edge Downloads | Applications | Yes | Yes | No |
| 74 | Edge Favicons | Applications | Yes | Yes | No |
| 75 | Edge Form History | Applications | Yes | Yes | No |
| 76 | Edge Local Storage | Applications | Yes | Yes | No |
| 77 | Edge Login Data | Applications | Yes | Yes | No |
| 78 | Edge Sessions | Applications | Yes | Yes | No |
| 79 | Edge Thumbnails | Applications | Yes | Yes | No |
| 80 | Edge User Profiles | Applications | Yes | Yes | No |
| 81 | Edge Web Storage | Applications | Yes | Yes | No |
| 82 | Failed Login Attempts | System | Yes | Yes | No |
| 83 | File System Enumeration as CSV | DiskFilesystem | Yes | No | No |
| 84 | Firefox Browsing History | Applications | Yes | Yes | No |
| 85 | Firefox Cookies | Applications | Yes | Yes | No |
| 86 | Firefox Downloads | Applications | Yes | Yes | No |
| 87 | Firefox Extensions | Applications | Yes | Yes | No |
| 88 | Fstab | DiskFilesystem | Yes | Yes | No |
| 89 | Hosts | Network | Yes | Yes | No |
| 90 | ICMP Table | Network | Yes | Yes | No |
| 91 | IP Routes | Network | Yes | Yes | No |
| 92 | IP Tables | Network | Yes | Yes | No |
| 93 | Kernel Logs | System | No | No | Yes |
| 94 | Kernel Modules | System | Yes | Yes | No |
| 95 | Last Access | System | Yes | Yes | No |
| 96 | Lock Files | System | Yes | Yes | No |
| 97 | Log Files | System | Yes | Yes | No |
| 98 | Logged Users | System | Yes | Yes | No |
| 99 | Mail Logs | System | No | No | Yes |
| 100 | Memory Map | Memory | Yes | Yes | No |
| 101 | Messages | System | No | No | Yes |
| 102 | MongoDB Logs | Applications | No | No | Yes |
| 103 | Mounts | DiskFilesystem | Yes | Yes | No |
| 104 | MySQL Logs | Applications | No | No | Yes |
| 105 | NFS Exports | DiskFilesystem | Yes | Yes | No |
| 106 | NGINX Logs | Applications | No | No | Yes |
| 107 | Network Interfaces | Network | Yes | Yes | No |
| 108 | Opera Bookmarks | Applications | Yes | Yes | No |
| 109 | Opera Browsing History | Applications | Yes | Yes | No |
| 110 | Opera Cookies | Applications | Yes | Yes | No |
| 111 | Opera Downloads | Applications | Yes | Yes | No |
| 112 | Opera Favicons | Applications | Yes | Yes | No |
| 113 | Opera Form History | Applications | Yes | Yes | No |
| 114 | Opera Local Storage | Applications | Yes | Yes | No |
| 115 | Opera Login Data | Applications | Yes | Yes | No |
| 116 | Opera Sessions | Applications | Yes | Yes | No |
| 117 | Opera Thumbnails | Applications | Yes | Yes | No |
| 118 | Opera User Profiles | Applications | Yes | Yes | No |
| 119 | Opera Web Storage | Applications | Yes | Yes | No |
| 120 | PostgreSQL Logs | Applications | No | No | Yes |
| 121 | Process Open Files | System | Yes | Yes | No |
| 122 | Processes | System | Yes | Yes | No |
| 123 | RAM Image | Memory | Yes | Yes | No |
| 124 | Raw Table | Network | Yes | Yes | No |
| 125 | SELinux Configs | System | Yes | Yes | No |
| 126 | SELinux Settings | System | Yes | Yes | No |
| 127 | SSH Authorized Keys | Network | Yes | Yes | No |
| 128 | SSH Configs | Network | Yes | Yes | No |
| 129 | SSH Files | Network | No | Yes | Yes |
| 130 | SSH Known Hosts | Network | Yes | Yes | No |
| 131 | SSH Server Logs | Applications | No | No | Yes |
| 132 | SSHD Configs | Network | Yes | Yes | No |
| 133 | SUID Binaries | System | Yes | Yes | No |
| 134 | Secure | System | No | No | Yes |
| 135 | Shadow | System | Yes | Yes | No |
| 136 | Shared Memory | Memory | Yes | Yes | No |
| 137 | Shell History | System | Yes | Yes | No |
| 138 | Sudoers | System | Yes | Yes | No |
| 139 | Swaps | Memory | Yes | Yes | No |
| 140 | Sysmon Logs | System | Yes | Yes | No |
| 141 | System Artifacts | System | Yes | Yes | No |
| 142 | System Controls | System | Yes | Yes | No |
| 143 | System Logs | System | No | No | Yes |
| 144 | Systemctl Services | System | Yes | Yes | No |
| 145 | TCP Table | Network | Yes | Yes | No |
| 146 | UDP Table | Network | Yes | Yes | No |
| 147 | UDPLite Table | Network | Yes | Yes | No |
| 148 | ULimit Information | System | Yes | Yes | No |
| 149 | Unix Sockets | Network | Yes | Yes | No |
| 150 | User Groups | System | Yes | Yes | No |
| 151 | Users | System | Yes | Yes | No |
| 152 | Vivaldi Bookmarks | Applications | Yes | Yes | No |
| 153 | Vivaldi Browsing History | Applications | Yes | Yes | No |
| 154 | Vivaldi Cookies | Applications | Yes | Yes | No |
| 155 | Vivaldi Downloads | Applications | Yes | Yes | No |
| 156 | Vivaldi Favicons | Applications | Yes | Yes | No |
| 157 | Vivaldi Form History | Applications | Yes | Yes | No |
| 158 | Vivaldi Local Storage | Applications | Yes | Yes | No |
| 159 | Vivaldi Login Data | Applications | Yes | Yes | No |
| 160 | Vivaldi Sessions | Applications | Yes | Yes | No |
| 161 | Vivaldi Thumbnails | Applications | Yes | Yes | No |
| 162 | Vivaldi User Profiles | Applications | Yes | Yes | No |
| 163 | Vivaldi Web Storage | Applications | Yes | Yes | No |
| 164 | YUM History | System | Yes | Yes | No |
| 165 | YUM Sources | System | Yes | Yes | No |