Boot Logs
Overview
Evidence: Boot Logs
Description: Collect Boot Logs
Category: System
Platform: linux
Short Name: bootl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux boot logs contain messages from the boot process including kernel initialization, service startup, hardware detection, and boot-time errors. They capture the system state during boot and initialization sequences.
Data Collected
This collector gathers structured data about boot logs.
Collection Method
This collector gathers boot log files from /var/log/boot*, which record system boot messages, service initialization, and startup sequence events.
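The file collection described above, written out as an added example (not the collector's own code): it copies every /var/log/boot* file into an evidence directory while preserving timestamps and records a SHA-256 manifest so the copies can be verified afterwards. The function names, the manifest layout and the GNU coreutils dependency (cp -p, sha256sum, stat -c) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the collector: gather boot log files into an
# evidence directory and write an integrity manifest for them.
# Assumes Linux with GNU coreutils (cp -p, sha256sum, stat -c).

# collect_boot_logs SRC_DIR DEST_DIR
# Copies every SRC_DIR/boot* regular file into DEST_DIR and appends one line
# per file to DEST_DIR/manifest.txt: <sha256> <size> <mtime-epoch> <path>.
# Returns 0 if at least one file was collected, 1 otherwise.
collect_boot_logs() {
    src="$1"
    dest="$2"
    mkdir -p "$dest"
    manifest="$dest/manifest.txt"
    : > "$manifest"
    count=0
    for f in "$src"/boot*; do
        # Skip the literal pattern when nothing matches, and skip non-files.
        [ -f "$f" ] || continue
        # Hash the original before copying so the manifest reflects the source.
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(stat -c %s "$f")
        mtime=$(stat -c %Y "$f")
        # -p keeps mode and timestamps; a plain cp would reset the mtime.
        cp -p "$f" "$dest/"
        printf '%s %s %s %s\n' "$sum" "$size" "$mtime" "$f" >> "$manifest"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# verify_boot_logs DEST_DIR
# Re-hashes each copied file against the manifest; returns 0 only if every
# copy still matches the hash taken from the source at collection time.
verify_boot_logs() {
    dest="$1"
    while read -r sum size mtime path; do
        copy="$dest/$(basename "$path")"
        actual=$(sha256sum "$copy" | cut -d' ' -f1)
        [ "$actual" = "$sum" ] || return 1
    done < "$dest/manifest.txt"
    return 0
}

# Typical invocation on a live host (paths are placeholders):
# collect_boot_logs /var/log /mnt/evidence/bootl && verify_boot_logs /mnt/evidence/bootl
```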
Forensic Value
Boot logs are valuable for investigating system startup issues, rootkit persistence mechanisms, boot-time malware, service startup anomalies, and understanding system configuration at boot time.