Skip to content

SekoiaLab/Fastir_Collector_Linux

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

fastIR_collector_linux.py

fastIR_collector_linux.py

 
 

Repository files navigation

FastIR Collector Linux

We changed our approach to live forensics acquisition, which means FastIR Collector is no longer maintained. We recommend using our new FastIR Artifacts collector instead

Concepts

This tool collects different artefacts on live Linux and records the results in csv files. With the analysis of these artefacts, an early compromission can be detected. All code must be in a python 2 file and support starts at 2.4. This program should be run as root.

Artefacts

  • System Informations

    • Kernel version
    • Kernel modules
    • Network interfaces
    • Hostname
    • Distribution versions

  • Last Logins

  • Connexions

  • Handles

  • User's data

    • Hidden files in Users profiles
    • SSH know_host files

  • /tmp content

  • Autoruns

    • /etc/*.d
    • /etc/crontab
    • /etc/cron.*/

  • Disks Informations

    • List of partitions
    • MBR

  • Files System Informations

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

165 stars

Watchers

23 watching

Forks

42 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages