unix_collector Logo

unix_collector

0
Free
Visit Website

unix_collector is a shell script for basic forensic collection of various artefacts from UNIX systems. It runs on various Unix systems and attempts to collect artefacts which could be analysed in attempt to identify potential system compromise. It does a better job when running as root because it can read more files of course. Available platforms: Sun Solaris, Linux, IBM AIX, HPUX, MacOS, Debian, Ubuntu, CentOS, Red Hat, Android, Probably others as well. Script Activities: * Enumerate basic host information such as kernel version, processes, hostname and save details in output directory. * Enumerate files written to the disk and create basic timeline using 'stat' command. * Enumerate network information and save details in output directory. * Enumerate patch and installed software information and save details in output directory. * Enumerate process list and other process information and save details in output directory. * Enumerate application lists, plist/apk for iOS/Android save them in output directory.

FEATURES

ALTERNATIVES

A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.

A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.

Dump iOS Frequent Locations from StateModel#.archive files.

A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.

A collection of tools for extracting and analyzing information from .git repositories

A software that collects forensic artifacts on systems for forensic investigations.

A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.