unix_collector Logo

unix_collector

0
Free
Visit Website

unix_collector is a shell script for basic forensic collection of various artefacts from UNIX systems. It runs on various Unix systems and attempts to collect artefacts which could be analysed in attempt to identify potential system compromise. It does a better job when running as root because it can read more files of course. Available platforms: Sun Solaris, Linux, IBM AIX, HPUX, MacOS, Debian, Ubuntu, CentOS, Red Hat, Android, Probably others as well. Script Activities: * Enumerate basic host information such as kernel version, processes, hostname and save details in output directory. * Enumerate files written to the disk and create basic timeline using 'stat' command. * Enumerate network information and save details in output directory. * Enumerate patch and installed software information and save details in output directory. * Enumerate process list and other process information and save details in output directory. * Enumerate application lists, plist/apk for iOS/Android save them in output directory.

FEATURES

ALTERNATIVES

A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.

A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.

Tool for parsing NTFS journal files, $Logfile, and $MFT.

A tool for restoring defocused and blurred images with various deconvolution techniques and fast processing capabilities.

Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.

Remote Acquisition Tool

A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.

Recover event log entries from an image by heuristically looking for record structures.