View the types of data and information supported for collection from Linux endpoints.

The following categories contain descriptions of the types of evidence collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident Response Toolkit. These evidence types are displayed in columns after selecting an evidence category when examining an Evidence Report.
Note
Shared File Info Objects may be included in multiple evidence categories.
When collecting evidence from Linux endpoints, you may also choose to collect available logs. Download the raw log file from the evidence report menu by going to Logs > Logs and clicking Download Raw Data. Copy the provided password for the archive file and click Download.