Skip to content

0x-cde/DFIR

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 
linux_forensic_acquisition.sh
linux_forensic_acquisition.sh
 
 
volatile.bat
volatile.bat
 
 

Repository files navigation

DFIR

Here you may find a set of tools that will assist you with the DFIR process.

volatile.bat:

A simple tool for volatile data collection. Collects the following data and stores them in a txt:

  1. date and time of the system.
  2. snapshot of the currently running tasks.
  3. snapshot of the currently available network connections.
  4. available MAC addresses that are in the system's ARP Cache.
  5. system's network configuration.
  6. DNS configurations.
  7. Routing configurations
  8. system variables.
  9. System user information.
  10. The system's network shares.
  11. General workstation information.
  12. general system information

linux_forensic_acquisition.sh

Collects the following data and stores them in a txt:

  1. Processes
  2. Network Connections
  3. Network Interfaces
  4. ARP Cache
  5. DNS Cache
  6. Logged-in Users
  7. User Account Information
  8. Logged-in Sessions
  9. Open Files and Processes
  10. Kernel Information
  11. Environment Variables
  12. System Configuration
  13. Recent Command History
  14. Firewall Rules

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages