Systemctl Services
Overview
Evidence: Systemctl Services
Description: Collect Systemctl Running Services
Category: System
Platform: linux
Short Name: sysctl
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
This collector gathers systemctl service information from the Linux system. This data is essential for understanding system service state, detecting unauthorized service changes, and investigating persistence or service-related security incidents.
Data Collected
This collector gathers structured data about systemctl services.
Collection Method
This collector runs systemctl queries and records results into the systemctl_services table.
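As an added illustration of what "runs systemctl queries and records results into a table" involves (example code, not the collector's own implementation), the script below parses the output of `systemctl list-units --type=service --all --plain --no-legend` into structured rows and diffs them against a baseline snapshot to surface new, removed or state-changed services. The column names of ServiceRow and the sample outputs are constructed for this example; the real systemctl_services table schema is not given on this page.

```python
"""Parse `systemctl list-units --type=service --all --plain --no-legend` output
into structured rows and diff them against a baseline. Column names and the
sample outputs below are constructed for this example."""
from __future__ import annotations
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceRow:
    unit: str
    load: str      # loaded / not-found / masked ...
    active: str    # active / inactive / failed ...
    sub: str       # running / exited / dead ...
    description: str


def parse_list_units(text: str) -> list[ServiceRow]:
    """Each line is: UNIT LOAD ACTIVE SUB DESCRIPTION (description may be empty)."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4 or not parts[0].endswith(".service"):
            continue  # skip blank lines or anything that is not a service unit
        desc = parts[4].strip() if len(parts) == 5 else ""
        rows.append(ServiceRow(parts[0], parts[1], parts[2], parts[3], desc))
    return rows


def diff_against_baseline(baseline: list[ServiceRow], current: list[ServiceRow]) -> dict:
    """Report units that appeared, disappeared, or changed load/active/sub state."""
    base = {r.unit: r for r in baseline}
    cur = {r.unit: r for r in current}
    state = lambda r: (r.load, r.active, r.sub)
    return {
        "new": sorted(set(cur) - set(base)),
        "removed": sorted(set(base) - set(cur)),
        "changed": sorted(u for u in set(cur) & set(base) if state(cur[u]) != state(base[u])),
    }


def collect_live() -> list[ServiceRow]:
    """Run the real query on a systemd host (not used by the offline sample below)."""
    cmd = ["systemctl", "list-units", "--type=service", "--all",
           "--plain", "--no-legend", "--no-pager"]
    return parse_list_units(subprocess.run(cmd, capture_output=True, text=True, check=True).stdout)


# Constructed sample output: a baseline snapshot and a later collection.
SAMPLE_BASELINE = """\
cron.service      loaded active   running Regular background program processing daemon
ssh.service       loaded active   running OpenBSD Secure Shell server
apparmor.service  loaded active   exited  Load AppArmor profiles
"""
SAMPLE_CURRENT = """\
cron.service      loaded active   running Regular background program processing daemon
ssh.service       loaded active   running OpenBSD Secure Shell server
apparmor.service  loaded inactive dead    Load AppArmor profiles
update-agent.service loaded active running Update Agent
"""

if __name__ == "__main__":
    print(diff_against_baseline(parse_list_units(SAMPLE_BASELINE), parse_list_units(SAMPLE_CURRENT)))
```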
Forensic Value
This evidence is crucial for forensic investigations as it provides service status and configuration information. It helps investigators understand active/inactive services, detect unauthorized service modifications, and investigate persistence mechanisms.