Digital Forensics for Linux
Tools and methodologies for investigating digital incidents and gathering electronic evidence. Task: LinuxExplore 22 curated tools and resources
RELATED TASKS
PINNED
Promoted • 4 tools
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.
A command-line forensics tool for tracking and analyzing USB device artifacts and connection history on Linux systems.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.
SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A utility for recovering deleted files from ext3 or ext4 partitions.
A utility for recovering deleted files from ext3 or ext4 partitions.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.