unix_collector Logo

unix_collector

0
Free
Visit Website

unix_collector is a shell script for basic forensic collection of various artefacts from UNIX systems. It runs on various Unix systems and attempts to collect artefacts which could be analysed in attempt to identify potential system compromise. It does a better job when running as root because it can read more files of course. Available platforms: Sun Solaris, Linux, IBM AIX, HPUX, MacOS, Debian, Ubuntu, CentOS, Red Hat, Android, Probably others as well. Script Activities: * Enumerate basic host information such as kernel version, processes, hostname and save details in output directory. * Enumerate files written to the disk and create basic timeline using 'stat' command. * Enumerate network information and save details in output directory. * Enumerate patch and installed software information and save details in output directory. * Enumerate process list and other process information and save details in output directory. * Enumerate application lists, plist/apk for iOS/Android save them in output directory.

FEATURES

ALTERNATIVES

No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.

A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

Comprehensive suite for advanced file analysis and software supply chain security.

A library for working with Windows NT data types, providing access and manipulation functions.

Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.

PINNED