🔴Power-Forensics
Power-Forensics is a simple, easy-to-use shell script that helps incident responders perform IR and collect evidence from Linux-based hosts.
☸Features:
Once run, it creates the following files:
- SUID.log
- bash.log
- connwithprocess.log
- cronalluser.log
- croncurrentuser.log
- crondaily.log
- cronhourly.log
- cronweekly.log
- currentloggeduser.log
- diskusage.log
- establishedconn.log
- files.log
- free.log
- livecon.log
- process.log
- processtree.log
- systemcommand.log
- uptime.log
- userprofile.log
- memory.mem: the memory dump file
It can also process the captured volatile data with Volatility. Note that this step makes changes to the machine, so it is no longer pristine afterwards: run it only after the logs and the memory dump have been collected, and record what was executed on the host.
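To make the collection order and the integrity concerns concrete, here is an added example of a minimal collector in the same spirit; it is not Power-Forensics' own script. It writes logs with the same names as the list above into a timestamped case directory, records for each log when and how it was produced, tolerates tools that are missing on a given host, and finishes with a SHA-256 manifest so that later tampering is detectable. The output root (/mnt/evidence by default), the log headers and the function names are this example's own choices, not the project's.

```sh
#!/bin/sh
# Added example, not Power-Forensics' own code. Assumptions: evidence is written
# under OUTROOT (default /mnt/evidence, ideally removable or remote media, not
# the suspect disk), and log names mirror the list in the README.

# run_cmd LABEL DIR COMMAND...: run one collector into DIR/LABEL.log.
# A missing tool or a non-zero exit is recorded in the log instead of aborting,
# because an IR run must still produce output on every host it touches.
run_cmd() {
    label="$1"; dir="$2"; shift 2
    {
        printf '# %s\n# collected_utc: %s\n# command: %s\n' \
            "$label" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*"
        if command -v "$1" >/dev/null 2>&1; then
            "$@" 2>&1 || printf '# exit status: %s\n' "$?"
        else
            printf '# tool not available on this host: %s\n' "$1"
        fi
    } > "$dir/$label.log"
}

# Use sha256sum (coreutils) where present, otherwise shasum (BSD/macOS);
# both understand -c for verification.
hasher() {
    if command -v sha256sum >/dev/null 2>&1; then echo sha256sum; else echo "shasum -a 256"; fi
}

# write_manifest DIR: hash every log so later modification is detectable.
write_manifest() {
    (cd "$1" && $(hasher) *.log) > "$1/MANIFEST.sha256"
}

# verify_case DIR: succeeds only if every log still matches the manifest.
verify_case() {
    (cd "$1" && $(hasher) -c MANIFEST.sha256 >/dev/null 2>&1)
}

# collect_volatile [OUTROOT]: gather artefacts in order of volatility
# (running state first, on-disk configuration last) and print the case dir.
collect_volatile() {
    outroot="${1:-/mnt/evidence}"
    casedir="$outroot/$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$casedir"
    # collection.log documents what the collector itself did to the host
    printf 'collector started %s on %s as uid %s, writing to %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)" "$(id -u)" "$casedir" \
        > "$casedir/collection.log"

    # 1. Most volatile: what is running and talking right now
    run_cmd uptime            "$casedir" uptime
    run_cmd currentloggeduser "$casedir" who
    run_cmd process           "$casedir" ps -eo pid,ppid,user,etime,args
    run_cmd processtree       "$casedir" ps -eo pid,ppid,user,args --forest
    if command -v ss >/dev/null 2>&1; then
        run_cmd establishedconn "$casedir" ss -tunap
    else
        run_cmd establishedconn "$casedir" netstat -tunap
    fi
    run_cmd free              "$casedir" free -m
    # 2. Persistence and privilege: what an intruder leaves behind
    run_cmd croncurrentuser   "$casedir" crontab -l
    run_cmd cronalluser       "$casedir" ls -la /etc/crontab /etc/cron.d \
                                  /etc/cron.hourly /etc/cron.daily /etc/cron.weekly
    run_cmd SUID              "$casedir" find / -xdev -type f -perm -4000
    run_cmd userprofile       "$casedir" cat /etc/passwd
    run_cmd bash              "$casedir" cat "${HOME:-/root}/.bash_history"
    # 3. Least volatile: disk layout
    run_cmd diskusage         "$casedir" df -h

    printf 'collector finished %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        >> "$casedir/collection.log"
    write_manifest "$casedir"   # last, so collection.log is covered too
    printf '%s\n' "$casedir"
}
```

Run it as root with `collect_volatile /mnt/evidence` and later check the bundle with `verify_case /mnt/evidence/<host>-<timestamp>`. Each log header names the command and the UTC time, and collection.log records when the collector started and finished, which is the record you want when explaining in a report which changes on the host were made by the responder rather than the attacker.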
🤝Contributing
We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests.
🔼Enhancements:
- Test on other Linux distributions; so far it has only been tested on Ubuntu.
- Additional data sets worth collecting.
🙏Support
- Please open an issue on GitHub if you'd like to report a bug or request a feature.
- For real-world DFIR training, subscribe to my YouTube channel.
- If you would like to support my work,