Kernel Modules
Overview
Evidence: Kernel Modules
Description: Collect kernel modules
Category: System
Platform: linux
Short Name: krnmods
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Linux kernel modules are the loadable extensions and drivers running inside the kernel. A record of which modules are loaded is essential for understanding the kernel configuration of a system and for detecting unauthorized kernel modifications.
Data Collected
This collector gathers structured data about loaded kernel modules.
Collection Method
This collector parses the necessary data from the kernel_modules table (one row per loaded module, covering name, size, dependents, status, and load address).
Forensic Value
This evidence is crucial for forensic investigations because it records which kernel modules were loaded at collection time. It helps investigators understand the kernel configuration, detect unauthorized kernel modifications, and investigate kernel-based attacks. The data can reveal loaded modules, kernel extensions, and potential kernel vulnerabilities. Analysts can use this information to identify kernel compromises, trace kernel activity, and assess the kernel security posture of the host.
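As an added illustration of the Collection Method and Forensic Value sections (example code, not part of this product's collector), the script below parses /proc/modules-style records into the same fields the kernel_modules table exposes and compares them against a known-good baseline. The sample records and the baseline set are constructed for the example; the normalisation of the dependents column into used_by is an assumption.

```python
"""Parse /proc/modules-style records into kernel_modules-table fields and
triage them against a baseline of expected modules (added example)."""
from dataclasses import dataclass

# Constructed sample in /proc/modules format:
#   name size refcount dependents status address
SAMPLE = """\
ext4 778240 2 - Live 0xffffffffc0a00000
mbcache 16384 1 ext4, Live 0xffffffffc09f0000
jbd2 131072 1 ext4, Live 0xffffffffc09c0000
example_mod 16384 0 - Loading 0xffffffffc0b00000
"""


@dataclass
class KernelModule:
    name: str
    size: int
    used_by: str   # assumption: dependents list with '-' mapped to ''
    status: str    # e.g. Live, Loading, Unloading
    address: str


def parse_modules(text: str) -> list[KernelModule]:
    """Turn raw /proc/modules lines into structured records."""
    mods = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # skip blank or malformed lines rather than fail the run
        name, size, _refcount, deps, status, address = parts[:6]
        used_by = "" if deps == "-" else deps.rstrip(",")
        mods.append(KernelModule(name, int(size), used_by, status, address))
    return mods


def triage(mods: list[KernelModule], baseline: set[str]) -> dict[str, list[str]]:
    """Flag modules absent from the baseline and modules not in the Live state,
    the two quickest indicators that the kernel differs from its expected build."""
    return {
        "not_in_baseline": [m.name for m in mods if m.name not in baseline],
        "not_live": [m.name for m in mods if m.status != "Live"],
    }


if __name__ == "__main__":
    # Constructed baseline: what this host is expected to load.
    print(triage(parse_modules(SAMPLE), {"ext4", "mbcache", "jbd2"}))
```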