https://github.com/SekoiaLab/Fastir_Collector_Linux
- Host: GitHub
- URL: https://github.com/SekoiaLab/Fastir_Collector_Linux
- Owner: SekoiaLab
- License: gpl-3.0
- Created: 2016-01-25T14:10:58.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2021-01-26T08:20:51.000Z (about 5 years ago)
- Last Synced: 2024-11-19T03:40:49.837Z (over 1 year ago)
- Language: Python
- Size: 24.4 KB
- Stars: 173
- Watchers: 23
- Forks: 42
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-incident-response - FastIR Collector Linux - FastIR for Linux collects different artifacts on live Linux and records the results in CSV files. (IR Tools Collection / Linux Evidence Collection)
- awesome-csirt - FastIR Collector Linux
- awesome-incident-response - FastIR Collector Linux - FastIR for Linux collects different artefacts on live Linux and records the results in csv files. (IR tools Collection / Linux Evidence Collection)
- fucking-awesome-incident-response - FastIR Collector Linux - FastIR for Linux collects different artifacts on live Linux and records the results in CSV files. (IR Tools Collection / Linux Evidence Collection)
README
# FastIR Collector Linux
**We changed our approach to live forensics acquisition, which means FastIR Collector is no longer maintained. We recommend using our new [FastIR Artifacts collector](https://github.com/SekoiaLab/fastir_artifacts) instead**
## Concepts
This tool collects different artefacts from a live Linux system and records the results in CSV files.
Analysing these artefacts makes it possible to detect a compromise at an early stage.
All code must be contained in a single Python 2 file, and Python 2.4 is the minimum supported version. This program must be run as root.
## Artefacts
* System information
  * Kernel version
  * Kernel modules
  * Network interfaces
  * Hostname
  * Distribution versions
  * Last logins
  * Connections
  * Handles
* User data
  * Hidden files in user profiles
  * SSH known_hosts files
  * /tmp content
* Autoruns
  * /etc/\*.d
  * /etc/crontab
  * /etc/cron.\*/
* Disk information
  * List of partitions
  * MBR
* File system information
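To make the collection model concrete, here is an added example of a minimal collector in the same spirit as the README (live-system artefacts written to one CSV file per artefact). It is not FastIR's own code: it is written for Python 3 rather than the Python 2.4 target the project states, it covers only a few of the artefacts listed above (system information, kernel modules, `/etc/crontab`, hidden files in user profiles), and the `SAMPLE_PROC_MODULES` and `SAMPLE_CRONTAB` strings are constructed inputs so the parsers can be exercised without root access. The `root` argument is an assumption of this example, allowing the collector to be pointed at a mounted image or test tree instead of `/`.

```python
"""Minimal live-Linux artefact collector (added example, not FastIR's code).

Assumes Python 3. `collect(root, out_dir)` reads artefacts under `root`
(default "/", i.e. the live system; run as root for full coverage) and
writes one CSV per artefact into `out_dir`, mirroring the README's model.
"""
import csv
import os
import platform
import socket
import sys

# Constructed sample of /proc/modules content (not captured from a real host).
# Format per line: name size refcount dependencies state [address]
SAMPLE_PROC_MODULES = """\
ext4 753664 1 - Live 0xffffffffc0a00000
tun 49152 0 - Live 0xffffffffc09f0000
"""

# Constructed sample of a system crontab (not captured from a real host).
SAMPLE_CRONTAB = """\
# /etc/crontab: system-wide crontab
SHELL=/bin/sh
17 *\t* * *\troot    cd / && run-parts --report /etc/cron.hourly
25 6\t* * *\troot\ttest -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
"""


def parse_proc_modules(text):
    """Parse /proc/modules into rows of module name, size, users and state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        rows.append({"module": parts[0], "size": int(parts[1]),
                     "used_by": parts[3], "state": parts[4]})
    return rows


def parse_crontab(text):
    """Parse system crontab entries (time fields, user, command).

    Comment lines and VAR=value environment lines are skipped; @reboot-style
    entries carry a single schedule token instead of five time fields.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if "=" in first:            # environment assignment such as SHELL=/bin/sh
            continue
        if first.startswith("@"):   # @reboot, @daily, ...
            parts, n_time = line.split(None, 2), 1
        else:
            parts, n_time = line.split(None, 6), 5
        if len(parts) < n_time + 2:
            continue
        rows.append({"schedule": " ".join(parts[:n_time]),
                     "user": parts[n_time], "command": parts[n_time + 1]})
    return rows


def hidden_files(home_root):
    """List dot-files and dot-directories directly under each profile in home_root."""
    found = []
    if not os.path.isdir(home_root):
        return found
    for user in sorted(os.listdir(home_root)):
        profile = os.path.join(home_root, user)
        if not os.path.isdir(profile):
            continue
        for name in sorted(os.listdir(profile)):
            if name.startswith("."):
                path = os.path.join(profile, name)
                st = os.lstat(path)  # lstat: do not follow symlinks planted in a profile
                found.append({"user": user, "path": path,
                              "size": st.st_size, "mtime": int(st.st_mtime)})
    return found


def collect(root="/", out_dir="fastir_out"):
    """Collect a subset of artefacts under `root`; return {artefact: row count}."""
    def read(rel):
        try:
            with open(os.path.join(root, rel.lstrip("/")), "r", errors="replace") as fh:
                return fh.read()
        except OSError:
            return ""  # missing or unreadable artefact yields an empty CSV, not a crash

    artefacts = {
        "system_info": [{"hostname": socket.gethostname(), "kernel": platform.release()}],
        "kernel_modules": parse_proc_modules(read("/proc/modules")),
        "crontab": parse_crontab(read("/etc/crontab")),
        "hidden_files": hidden_files(os.path.join(root, "home")),
    }
    os.makedirs(out_dir, exist_ok=True)
    written = {}
    for name, rows in artefacts.items():
        with open(os.path.join(out_dir, name + ".csv"), "w", newline="") as fh:
            if rows:
                writer = csv.DictWriter(fh, fieldnames=list(rows[0].keys()))
                writer.writeheader()
                writer.writerows(rows)
        written[name] = len(rows)
    return written


if __name__ == "__main__":
    # Usage: python collector.py [root] [out_dir]
    print(collect(*(sys.argv[1:3])))
```

Each parser is a pure function over text, so the CSV layer can be checked against constructed input before the script is ever run as root; the per-artefact CSV layout (one file per artefact, header row from the first record) is the same output shape the README describes.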