Raw Table
Overview
Evidence: Raw Table
Description: Collect the raw socket table (/proc/net/raw and /proc/net/raw6)
Category: Network
Platform: linux
Short Name: rawtab
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers the kernel's raw socket tables from a Linux system: /proc/net/raw for IPv4 and /proc/net/raw6 for IPv6. A raw (SOCK_RAW) socket bypasses the transport layer and lets a process send and receive packets for an arbitrary IP protocol, or, with IPPROTO_RAW, build the IP header itself; opening one requires CAP_NET_RAW. This data is essential for understanding low-level network activity on the host and for spotting raw socket use that the software known to be running does not account for.
Data Collected
Each row describes one open raw socket, with the fields the kernel exposes in /proc/net/raw and /proc/net/raw6: local and remote address, the IP protocol number (it occupies the port position, since raw sockets are not port-bound), socket state, transmit and receive queue sizes, owning uid, socket inode, reference count and the count of dropped packets. Addresses and the protocol are printed as hex in host byte order, so they must be decoded before they are readable.
Collection Method
This collector reads /proc/net/raw and /proc/net/raw6, parses each non-header line into one record, and stores the records in the raw_table table. The tables are a point-in-time snapshot: a raw socket that was opened and closed before collection ran leaves no trace here.
Forensic Value
This evidence gives visibility into raw socket usage, which is rare on a well-understood host. It helps investigators detect packet crafting tools (an IPPROTO_RAW socket, for which IP_HDRINCL is implied, can emit packets with arbitrary IPv4 headers), covert channels (for example ICMP tunnels that carry data inside an otherwise legitimate protocol) and other low-level networking anomalies. Two checks are worth making on every row: whether the owning uid is non-root (raw sockets require CAP_NET_RAW, so an unprivileged owner implies a file or inherited capability grant that should be explained), and which process holds the socket, found by matching the inode against the socket:[inode] links in /proc/<pid>/fd. Note the limits: AF_PACKET sockets, used by sniffers such as tcpdump and by some packet crafting libraries, are listed in /proc/net/packet rather than here, and ICMP datagram (ping) sockets appear in /proc/net/icmp.
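The parsing step described under Collection Method and the checks described under Forensic Value, as an added Python example: this is not the collector's code, the record fields and the triage flags are this example's own rather than the raw_table schema, and the two sample tables are constructed, not captured from a real host. It assumes a little-endian host (x86, arm64), where the kernel prints each 32-bit address word in host byte order; the owners_of_inode() lookup only returns results when run on a live Linux system with access to /proc/<pid>/fd.

```python
"""Parse and triage Linux raw socket tables (/proc/net/raw, /proc/net/raw6).
Added example for this page, not the collector's code; field names and flags are
illustrative and are not the raw_table schema. Assumes a little-endian host
(x86, arm64): the kernel prints each 32-bit address word in host byte order."""
import os
import socket
import struct
from dataclasses import dataclass
from pathlib import Path

IPPROTO_RAW = 255  # raw IPv4 with IP_HDRINCL implied: arbitrary IP headers
EXPECTED_PROTOCOLS = {socket.IPPROTO_ICMP, socket.IPPROTO_ICMPV6}  # ping-like use
TCP_ESTABLISHED = 1  # `st` column; raw sockets sit in 07 (CLOSE) unless connect()ed

@dataclass
class RawSocket:
    family: int
    protocol: int    # the "port" position of a raw socket holds the IP protocol
    local_addr: str
    remote_addr: str
    state: int
    uid: int
    inode: int       # join key: /proc/<pid>/fd/* -> socket:[inode]
    drops: int

def _addr(hexstr: str, family: int) -> str:
    """Decode one (IPv4) or four (IPv6) host-order u32 words into dotted/colon form."""
    words = [int(hexstr[i:i + 8], 16) for i in range(0, len(hexstr), 8)]
    return socket.inet_ntop(family, b"".join(struct.pack("<I", w) for w in words))

def parse_raw_table(text: str, family: int = socket.AF_INET) -> list[RawSocket]:
    """Parse the contents of /proc/net/raw (AF_INET) or /proc/net/raw6 (AF_INET6)."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 13 or not f[0].endswith(":"):
            continue  # header row or truncated line
        laddr, lproto = f[1].split(":")
        rows.append(RawSocket(family, int(lproto, 16), _addr(laddr, family),
                              _addr(f[2].split(":")[0], family), int(f[3], 16),
                              int(f[7]), int(f[9]), int(f[12])))
    return rows

def parse_raw6_table(text: str) -> list[RawSocket]:
    return parse_raw_table(text, socket.AF_INET6)

def triage(s: RawSocket) -> list[str]:
    """Heuristic analyst flags; tune EXPECTED_PROTOCOLS to the host's known software."""
    flags = []
    if s.protocol == IPPROTO_RAW:
        flags.append("IPPROTO_RAW socket: can inject packets with arbitrary IPv4 headers")
    elif s.protocol not in EXPECTED_PROTOCOLS:
        flags.append(f"raw socket for IP protocol {s.protocol}: scanner or covert channel candidate")
    if s.uid != 0:
        flags.append(f"owned by non-root uid {s.uid} (raw sockets need CAP_NET_RAW)")
    if s.state == TCP_ESTABLISHED:
        flags.append(f"fixed peer {s.remote_addr}: check for a covert channel")
    return flags

def owners_of_inode(inode: int, proc: Path = Path("/proc")) -> list[int]:
    """PIDs whose fd table holds socket:[inode]. Live system only; needs access to /proc/<pid>/fd."""
    target, pids = f"socket:[{inode}]", []
    for pid_dir in proc.glob("[0-9]*"):
        try:
            if any(os.readlink(fd) == target for fd in (pid_dir / "fd").iterdir()):
                pids.append(int(pid_dir.name))
        except OSError:  # process exited or permission denied
            continue
    return pids

# Constructed sample tables (not from a real host). `sl` is protocol & 255 and the
# port position carries the protocol: 0001 ICMP, 00FF IPPROTO_RAW, 0006 TCP, 003A ICMPv6.
SAMPLE_RAW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18345 2 0000000000000000 0
 255: 0100007F:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 29811 2 0000000000000000 0
   6: 0F02000A:0006 0102000A:0000 01 00000000:00000000 00:00000000 00000000     0        0 31002 2 0000000000000000 3
"""
SAMPLE_RAW6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  58: 00000000000000000000000000000000:003A 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18350 2 0000000000000000 0
"""

if __name__ == "__main__":
    live = Path("/proc/net/raw").exists()  # fall back to the samples off-Linux
    v4 = Path("/proc/net/raw").read_text() if live else SAMPLE_RAW
    v6 = Path("/proc/net/raw6").read_text() if live and Path("/proc/net/raw6").exists() else SAMPLE_RAW6
    for s in parse_raw_table(v4) + parse_raw6_table(v6):
        pids = owners_of_inode(s.inode) if live else []
        print(f"proto={s.protocol:3d} {s.local_addr} -> {s.remote_addr} uid={s.uid} inode={s.inode} pids={pids}")
        for flag in triage(s):
            print("   !", flag)
```

On the constructed sample the ICMP and ICMPv6 rows pass clean, the 127.0.0.1 row is flagged twice (IPPROTO_RAW and a non-root owner), and the connected protocol-6 row is flagged as a non-ICMP raw socket with a fixed peer. The inode in each record is what ties the row back to a process: on a live host the owners_of_inode() scan performs the /proc/<pid>/fd match described above.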