
Unix-like Artifacts Collector UAC

Free

Unix-like Artifacts Collector (UAC) is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems. It was created to facilitate and speed up data collection, and to depend less on remote support during incident response engagements.

📘 Documentation

Project documentation page: https://tclahr.github.io/uac-docs

🌟 Main Features

- Run everywhere with no dependencies (no installation required).
- Customizable and extensible collections and artifacts.
- Respect the order of volatility during artifact collection.
- Collect information from processes running without a binary on disk.
- Hash running processes and executable files.
- Extract information from files and directories to create a bodyfile (including enhanced file attributes for ext4).
- Collect user and system configuration files and logs.
- Collect artifacts from applications.
- Acquire volatile memory from Linux systems using different methods and tools.

💾 Supported Operating Systems

AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

FEATURES

ALTERNATIVES

Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.

Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.

Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.

Open-source abuse management toolkit for automating and improving the abuse handling process.

A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.

PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.

A module-based AWS response tool for incident response in AWS environments.

A standardized framework for describing and classifying cybersecurity incidents.