View the types of data and information supported for collection from Linux endpoints.
The following categories contain descriptions of the types of evidence
collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident
Response Toolkit. These evidence types are displayed in columns after selecting an
evidence category when examining an Evidence Report.
Note: Shared File Info Objects may be included in multiple evidence categories.
When collecting evidence from Linux endpoints, you can also choose to collect available
logs. Download the raw log file from the evidence report menu by going to
and clicking Download Raw Data. Copy the provided
password for the archive file and click Download.