Linux evidence types

The following categories contain descriptions of the types of evidence that the Collect Evidence task and Trend Micro Incident Response Toolkit collect from Linux endpoints. These evidence types appear in columns after selecting an evidence category when examining an Evidence Report.

• Basic Information
• Process Information
• Service Information
• Network Information
• Account Information
• User Activity
• Shared File Info Objects

When collecting evidence from Linux endpoints, you can collect available logs. Download the raw log file from the evidence report menu by going to Logs → Logs and clicking Download Raw Data. Copy the provided password for the archive file and click Download.