Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/naemazam/logforenix

log Forenix 🕵️- Your Linux Forensic Artifacts Collector Tool! 🚀
https://github.com/naemazam/logforenix

cyber-security cybersecurity cybersecurity-tools forensic forensic-analysis forensics forensics-investigations forensics-tools linux log logging

Last synced: 3 months ago
JSON representation

log Forenix 🕵️- Your Linux Forensic Artifacts Collector Tool! 🚀

Host: GitHub
URL: https://github.com/naemazam/logforenix
Owner: naemazam
License: mit
Created: 2024-03-13T08:14:19.000Z (11 months ago)
Default Branch: main
Last Pushed: 2024-06-18T08:02:45.000Z (8 months ago)
Last Synced: 2024-06-18T09:26:38.363Z (8 months ago)
Topics: cyber-security, cybersecurity, cybersecurity-tools, forensic, forensic-analysis, forensics, forensics-investigations, forensics-tools, linux, log, logging
Language: Shell
Homepage:
Size: 938 KB
Stars: 26
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: SECURITY.md

Awesome Lists containing this project

README

Logo

# 🕵️ log Forenix🕵️

Welcome to log Forenix (Log + Forencis + Linux ) - Your Linux Forensic Artifacts Collector Tool! 🚀

## Description

Forenix is a powerful shell CLI tool designed to automate the collection of forensic artifacts in Linux systems. It streamlines data collection processes during incident response engagements, reducing dependency on remote tools/agents. With built-in functionality and simplicity, Forenix makes forensic artifact collection a breeze!

## Features

- LogForenix collects the command history for both `regular users` and the `root user`. The `.bash_history file` contains a record of commands executed in the Bash shell, providing insights into user activities and potential malicious actions. This includes recurring commands or scripts set to run at specific intervals, which may indicate routine system maintenance or suspicious activities.
- LogForenix captures network interface information using the `ifconfig` or `ip addr` commands. This includes details such as IP addresses, MAC addresses, and network configurations, helping investigators understand network connectivity and potential network-related security issues.
- LogForenix gathers network connection information using the `netstat` command. This includes established connections, listening ports, and routing tables, providing visibility into active network connections and potential network-based attacks.
- LogForenix retrieves a snapshot of running processes with detailed information using the `ps aux` command. This includes process IDs, CPU and memory usage, and associated users, aiding in identifying running applications, services, and potential malicious processes
- LogForenix collects system log files located in the `/var/log` directory. These logs contain a wealth of information, including system events, error messages, and user activities, enabling forensic analysts to reconstruct system events and detect anomalies or security incidents.
- LogForenix captures temporary file logs stored in the `/tmp` directory. Temporary files may contain valuable information related to user activities, program executions, or malware persistence, allowing investigators to analyze potential security breaches or unauthorized activities.

## Dependencies

- It Will Check Automatic and Install .. Relax

## How to Run

Sure, here are the steps formatted nicely in Markdown:

1. 🫰 Clone this repository:
```bash
git clone https://github.com/naemazam/logForenix.git
```

2. 🚔 Navigate to the directory:
```bash
cd logForenix
```

3. 📝 Copy `logForenix.sh` to your local machine.

4. 🔑 Grant execution permissions by executing

```bash
chmod +x logForenix.sh
```

6. 🏃‍♂️ Run the script using the following command:

```bash
sudo ./logForenix.sh
```

8. ⏳ Wait patiently until the script finishes collecting the logs.

9. 📦 Once completed, find the compressed logs in `/opt/` directory. dir named as <'hostname'>.tar.gz

## Testing Linux OS List

| Linux OS | Support |
|---------------|---------|
| Ubuntu | ✅ |
| Debian | ✅ |
| CentOS | ✅ |
| Fedora | ✅ |
| Arch Linux | ❌ |
| RHEL | ✅ |
| OpenSUSE | ✅ |

## Screenshots

![Complete](https://github.com/naemazam/logForenix/blob/main/img/logForenix2.png)
[Add screenshots here if available]

## ⚠️ Warning:

Running LogForenix on production systems without proper understanding and authorization may lead to unintended consequences, including data loss or system instability. Always ensure you have appropriate permissions and follow best practices when using Forenix or any other forensic tool in sensitive environments.

![Imag ](https://github.com/naemazam/logForenix/blob/main/img/IMG_6116.JPG)

## About the Author

LogForenix is developed and maintained by [Naem Azam](https://github.com/naemazam). Connect with me on [LinkedIn](https://www.linkedin.com/in/your_profile) for any inquiries or collaboration opportunities.

## License

This project is licensed under the [MIT License](LICENSE).