Shared Memory
Overview
Evidence: Shared Memory
Description: Collect shared memory
Category: Memory
Platform: linux
Short Name: sharedm
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers shared memory information from the Linux system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.
Data Collected
This collector gathers structured data about shared memory.
Collection Method
This collector enumerates System V shared memory segments and records them into the shared_memory table.
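As an added example (not the collector's own code), the following shows one way System V segments can be enumerated on Linux: parsing /proc/sysvipc/shm, the kernel's per-segment listing, into records of the kind the shared_memory table would hold, plus a few analyst heuristics over each row. The ShmSegment and flag_segment names and the two sample rows are constructed for this example.

```python
# Added example, not part of the collector: parse Linux System V shared memory
# segments from /proc/sysvipc/shm and flag rows worth a closer look.
import stat
from dataclasses import dataclass

SHM_DEST = 0o1000  # mode flag: segment is destroyed once the last process detaches

@dataclass
class ShmSegment:
    key: int; shmid: int; mode: int; size: int; cpid: int; lpid: int
    nattch: int; uid: int; gid: int; cuid: int; cgid: int
    atime: int; dtime: int; ctime: int; rss: int; swap: int

def parse_sysvipc_shm(text: str) -> list[ShmSegment]:
    """Parse the text of /proc/sysvipc/shm (a column header, then one line per segment)."""
    segments = []
    for line in text.splitlines()[1:]:          # skip the column header
        fields = line.split()
        if len(fields) != 16:
            continue                            # tolerate an unexpected kernel format
        key, shmid, mode, *rest = fields
        segments.append(ShmSegment(int(key), int(shmid), int(mode, 8), *map(int, rest)))
    return segments

def flag_segment(seg: ShmSegment) -> list[str]:
    """Heuristics an analyst might apply to each row; these are hints, not verdicts."""
    flags = []
    if seg.mode & stat.S_IWOTH:
        flags.append("world-writable")          # any local user can write into it
    if seg.nattch == 0 and not seg.mode & SHM_DEST:
        flags.append("orphaned")                # nothing attached, yet not marked for removal
    if seg.key == 0:
        flags.append("private-key")             # IPC_PRIVATE: reachable only via its shmid
    return flags

def collect_live() -> list[ShmSegment]:
    """Read the real listing on a Linux host (requires /proc/sysvipc to be mounted)."""
    with open("/proc/sysvipc/shm") as fh:
        return parse_sysvipc_shm(fh.read())

# Constructed sample in the kernel's /proc/sysvipc/shm layout (not a real capture).
SAMPLE = """       key      shmid perms                  size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime                   rss                  swap
         0      32768  1600               4194304  1201  1201      1  1000  1000  1000  1000 1700000000          0 1700000000              4194304                  0
1397764165      65537   666              16777216  2331     0      0     0     0     0     0          0          0 1700000100                     0                  0
"""

if __name__ == "__main__":
    for seg in parse_sysvipc_shm(SAMPLE):
        print(f"shmid={seg.shmid} size={seg.size} nattch={seg.nattch} flags={flag_segment(seg)}")
```

The perms column carries the kernel's SHM_DEST and SHM_LOCKED bits above the usual 0777 permission bits, which is why the sample's first row reads 1600 rather than 600.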
Forensic Value
This evidence is crucial for forensic investigations as it provides shared memory usage details that can indicate inter-process communication, potential covert channels, or malware persistence.