View data and descriptions of evidence in the service information category collected from Linux endpoints.
The following table contains descriptions of the evidence data in the
service information category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident
Response Toolkit. These evidence types are displayed in columns after selecting an
evidence category when examining an Evidence
Report.
Evidence Type
|
Evidence Data
|
Description
|
Autostart entries
|
Group
|
The autorun entry type
|
Name
|
The name or phrase used to identify the entry
|
|
Launch command
|
The full file path of the entry or the associated executable command
|
|
Location
|
The parent folder containing the command in the file system
|
|
File info
|