diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc75636..e27fda8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ ### Artifacts
+- live_response/packages/dpkg.yaml: Updated to verify all packages to compare information about the installed files in the package with information about the files taken from the package metadata stored in the dpkg database [linux] ([mnrkbys](https://github.com/mnrkbys)).
+- live_response/packages/package_owns_file.yaml: Added collection of which installed package owns a specific file or command. Note that this artifact is resource-intensive and time-consuming to execute, so it is disabled by default in all profiles [linux] ([mnrkbys](https://github.com/mnrkbys)).
 - live_response/system/getcap.yaml: Added functionality to collect the list of files with associated process capabilities [linux] ([mnrkbys](https://github.com/mnrkbys)).
 ### New Artifacts Properties
diff --git a/artifacts/files/packages/dpkg.yaml b/artifacts/files/packages/dpkg.yaml
index e2d7a07..c1f11b0 100644
--- a/artifacts/files/packages/dpkg.yaml
+++ b/artifacts/files/packages/dpkg.yaml
@@ -1,4 +1,4 @@
-version: 1.0
+version: 1.1
 artifacts:
   -
     description: Collect dpkg packages status file.
@@ -6,4 +6,9 @@ artifacts:
     collector: file
     path: /var/lib/dpkg/status
     ignore_date_range: true
-
\ No newline at end of file
+  -
+    description: Collect dpkg packages log file.
+    supported_os: [linux]
+    collector: file
+    path: /var/log/dpkg.log
+    ignore_date_range: true
diff --git a/artifacts/live_response/packages/dpkg.yaml b/artifacts/live_response/packages/dpkg.yaml
index f150ec6..07e373a 100644
--- a/artifacts/live_response/packages/dpkg.yaml
+++ b/artifacts/live_response/packages/dpkg.yaml
@@ -1,4 +1,4 @@
-version: 2.0
+version: 2.1
 condition: command_exists "dpkg"
 output_directory: /live_response/packages
 artifacts:
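Review bot: The new entry in artifacts/files/packages/dpkg.yaml collects only the current `/var/log/dpkg.log`, so installs and removals that logrotate has already moved into `dpkg.log.1` and the compressed `dpkg.log.*.gz` siblings are not captured, although that older history is exactly what matters when the event of interest predates the current log. If the file collector accepts a wildcard in `path` (other file artifacts in the repository would show whether it does), `path: /var/log/dpkg.log*` would pick up the rotated copies; otherwise add one entry per rotated name. Keeping `ignore_date_range: true` on the log entry is consistent with the status-file entry above it, which is likewise collected regardless of the investigation window.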
@@ -8,3 +8,9 @@ artifacts:
     collector: command
     command: dpkg -l
     output_file: dpkg_-l.txt
+  -
+    description: Verify all packages to compare information about the installed files in the package with information about the files taken from the package metadata stored in the dpkg database.
+    supported_os: [linux]
+    collector: command
+    command: dpkg -V
+    output_file: dpkg_-V.txt
diff --git a/artifacts/live_response/packages/package_owns_file.yaml b/artifacts/live_response/packages/package_owns_file.yaml
new file mode 100644
index 0000000..ed231c3
--- /dev/null
+++ b/artifacts/live_response/packages/package_owns_file.yaml
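Review bot: The description of the new `dpkg -V` entry is hard to read and overstates what the command establishes: `dpkg -V` compares each installed file only against the MD5 checksum recorded in the dpkg database (the per-package md5sums lists under /var/lib/dpkg/info/), so a clean result says nothing about permissions or ownership, and those lists are ordinary root-writable files that can be rewritten together with a modified binary. A shorter description makes that scope explicit, for example `description: Verify installed packages by comparing installed files against the MD5 checksums recorded in the dpkg database (dpkg -V).` Unlike the entries in the new package_owns_file.yaml, this one does not set `redirect_stderr_to_stdout: true`, so any warnings dpkg prints about files it cannot check are routed wherever the collector sends stderr rather than next to the verification output; adding that line keeps the diagnostics with the result. Since this entry is enabled through the `live_response/packages/*` glob in every profile, the description should also mention that verifying every file of every package can take a long time on a large host.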
@@ -0,0 +1,97 @@
+version: 1.0
+condition: command_exists "dpkg" || command_exists "pacman" || command_exists "rpm"
+output_directory: /live_response/packages
+artifacts:
+  -
+    description: List filenames under /bin/.
+    supported_os: [linux]
+    collector: find
+    path: /bin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /sbin/.
+    supported_os: [linux]
+    collector: find
+    path: /sbin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /usr/bin/.
+    supported_os: [linux]
+    collector: find
+    path: /usr/bin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /usr/sbin/.
+    supported_os: [linux]
+    collector: find
+    path: /usr/sbin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /usr/local/bin/.
+    supported_os: [linux]
+    collector: find
+    path: /usr/local/bin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /usr/local/sbin/.
+    supported_os: [linux]
+    collector: find
+    path: /usr/local/sbin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /opt/bin/.
+    supported_os: [linux]
+    collector: find
+    path: /opt/bin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: List filenames under /opt/sbin/.
+    supported_os: [linux]
+    collector: find
+    path: /opt/sbin/*
+    file_type: [f, l]
+    output_directory: /%temp_directory%/live_response/packages
+    output_file: binary_files.txt
+  -
+    description: Determine which installed package owns a specific file or command.
+    supported_os: [linux]
+    collector: command
+    condition: command_exists "dpkg"
+    foreach: sort -u /%temp_directory%/live_response/packages/binary_files.txt
+    command: dpkg -S "%line%"
+    output_directory: /live_response/packages
+    output_file: dpkg_-S.txt
+    redirect_stderr_to_stdout: true
+  -
+    description: Determine which installed package owns a specific file or command.
+    supported_os: [linux]
+    collector: command
+    condition: command_exists "pacman"
+    foreach: sort -u /%temp_directory%/live_response/packages/binary_files.txt
+    command: pacman -Q -o "%line%"
+    output_directory: /live_response/packages
+    output_file: pacman_-Q_-o.txt
+    redirect_stderr_to_stdout: true
+  -
+    description: Determine which installed package owns a specific file or command.
+    supported_os: [linux]
+    collector: command
+    condition: command_exists "rpm"
+    foreach: sort -u /%temp_directory%/live_response/packages/binary_files.txt
+    command: rpm -q -f "%line%" | sed -e "s|$|: %line%|"
+    output_directory: /live_response/packages
+    output_file: rpm_-q_-f.txt
diff --git a/artifacts/live_response/packages/rpm.yaml b/artifacts/live_response/packages/rpm.yaml
index 83cad07..cd172e4 100644
--- a/artifacts/live_response/packages/rpm.yaml
+++ b/artifacts/live_response/packages/rpm.yaml
@@ -20,4 +20,3 @@ artifacts:
     collector: command
     command: rpm -V -a
     output_file: rpm_-V_-a.txt
-
\ No newline at end of file
diff --git a/profiles/full.yaml b/profiles/full.yaml
index 1bdaace..49c02a3 100644
--- a/profiles/full.yaml
+++ b/profiles/full.yaml
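Review bot: The three `foreach` entries feed file names produced by `find` straight into `dpkg -S "%line%"`, `pacman -Q -o "%line%"` and `rpm -q -f "%line%" | sed -e "s|$|: %line%|"`; if `%line%` is expanded by plain text substitution before the shell parses the command, a file name containing a double quote or `$`, or for the sed expression `|` or `\`, changes the command instead of being looked up, and on a host under investigation the contents of `/usr/local/bin` or `/opt/bin` are not trustworthy input. Please confirm that the collector escapes the substituted value, and record that assumption in a comment above the first `foreach` so the next reader does not have to re-derive it. The rpm entry also lacks the `redirect_stderr_to_stdout: true` that the dpkg and pacman entries set, so any rpm diagnostics on stderr (for example for dangling symlinks, which `file_type: [f, l]` admits) are routed differently from the other two result files; adding that line keeps the three outputs comparable. On merged-/usr systems `/bin/*` and `/usr/bin/*` yield the same files under two names, `sort -u` does not fold them, and each name is queried separately, which roughly doubles the cost of an artifact the changelog already calls resource-intensive; that deserves a comment, or a check whether `/bin` resolves to `/usr/bin` before it is listed.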
@@ -20,6 +20,7 @@ artifacts:
   - live_response/system/*
   - live_response/hardware/*
   - live_response/packages/*
+  - !live_response/packages/package_owns_file.yaml
   - live_response/storage/*
   - live_response/containers/*
   - live_response/vms/*
diff --git a/profiles/ir_triage.yaml b/profiles/ir_triage.yaml
index f0008c8..c1fdecb 100644
--- a/profiles/ir_triage.yaml
+++ b/profiles/ir_triage.yaml
@@ -20,6 +20,7 @@ artifacts:
   - live_response/system/*
   - live_response/hardware/*
   - live_response/packages/*
+  - !live_response/packages/package_owns_file.yaml
   - live_response/storage/*
   - live_response/containers/*
   - live_response/vms/*
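Review bot: In both profiles/full.yaml and profiles/ir_triage.yaml the added exclusion starts with `!`, which is the YAML tag indicator; a standards-conforming parser reads `- !live_response/packages/package_owns_file.yaml` as a tagged empty node rather than as that string, so the line only works because the profile loader treats it as text. If the loader also accepts a quoted scalar, `- "!live_response/packages/package_owns_file.yaml"` stays parsable by yamllint and generic tooling; if it does not, a comment above the line such as `# a leading ! excludes the artifact; the profile loader reads this as text, not as a YAML tag` would stop the next reader from "fixing" it. It is also worth confirming that an exclusion placed after the `live_response/packages/*` glob on the preceding line is honoured regardless of order, since that glob already matches the file being excluded.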