unix_collector Logo

unix_collector

0
Free
Visit Website

unix_collector is a shell script for basic forensic collection of various artefacts from UNIX systems. It runs on various Unix systems and attempts to collect artefacts which could be analysed in attempt to identify potential system compromise. It does a better job when running as root because it can read more files of course. Available platforms: Sun Solaris, Linux, IBM AIX, HPUX, MacOS, Debian, Ubuntu, CentOS, Red Hat, Android, Probably others as well. Script Activities: * Enumerate basic host information such as kernel version, processes, hostname and save details in output directory. * Enumerate files written to the disk and create basic timeline using 'stat' command. * Enumerate network information and save details in output directory. * Enumerate patch and installed software information and save details in output directory. * Enumerate process list and other process information and save details in output directory. * Enumerate application lists, plist/apk for iOS/Android save them in output directory.

FEATURES

ALTERNATIVES

Python script to parse the NTFS USN Change Journal.

Open source tool for generating YARA rules about installed software from a running OS.

A library to access and parse OLE 2 Compound File (OLECF) format files.

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

Fridump is an open source memory dumping tool using the Frida framework for dumping memory addresses from various platforms.

An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.

Python tool for remote memory acquisition

A command-line utility to show and change EXIF information in JPEG files

PINNED