Skip to content
/ Emperor Public

Emperor is a Bash script for Linux, designed to pull critical forensic artifacts from a target during IR, for direct analysis on a forensic workstation.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Analyzer1x7000/Emperor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
Emperor.sh
Emperor.sh
 
 
README.md
README.md
 
 

Repository files navigation

Emperor_Smaller

About Emperor

Emperor (inspired by Sokol) is a DFIR script designed to pull critical forensic artifacts from a target during IR.

Usage

Download Emperor.sh and run via the command line:

sudo bash ./Emperor.sh

image image

Features

Emperor collects the following artifacts.

    [+] sysctl + Kernel Information
    [+] Running Processes & Resource Usage Data
    [+] Full File System Enumeration
    [+] Firewall rules
    [+] Active connections
    [+] Processes & PIDs / Command Lines
    [+] Installed Packages
    [+] All Executable, Shell, & Script Files + Hashes
    [+] Mounted Filesystems
    [+] /proc/
    [+] /home/
    [+] /var/
    [+] /etc/
    [+] /usr/
    [+] /tmp/
    [+] Bash History
    [+] zsh History

About

Emperor is a Bash script for Linux, designed to pull critical forensic artifacts from a target during IR, for direct analysis on a forensic workstation.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages