Power-Forensics is a helper for incident responders performing IR and collecting evidence from Linux-based hosts. It is a simple, easy-to-use shell script.
Once run, it creates the following files:
- SUID.log
- bash.log
- connwithprocess.log
- cronalluser.log
- croncurrentuser.log
- crondaily.log
- cronhourly.log
- cronweekly.log
- currentloggeduser.log
- diskusage.log
- establishedconn.log
- files.log
- free.log
- livecon.log
- process.log
- processtree.log
- systemcommand.log
- uptime.log
- userprofile.log
- memory.mem: the memory dump file
It can also process the collected volatile data with Volatility, but doing so makes changes to the host under investigation.
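As an added example (not the Power-Forensics script itself), the POSIX-sh collector below writes the same set of per-artifact log files listed above, one command per file, and then records a SHA-256 manifest of everything it collected so the evidence can later be shown unchanged. The function names (`pf_run`, `pf_collect`, `pf_manifest`, `pf_count`), the `manifest.sha256` file and the `PF_OUTDIR` variable are this example's own choices; the exact commands the project runs for each log are not stated on the page, so the ones used here are assumptions. The memory image (`memory.mem`) is not produced, since that needs a kernel-level acquisition tool.

```shell
#!/bin/sh
# Added example, not the project's code. Collects volatile Linux IR data into
# one log file per artifact, mirroring the file names in the README.

# pf_run LOGFILE CMD [ARGS...]: run one collector, prefix its output with
# what was run and when, and never abort the whole collection if a tool is
# missing or fails (a partial evidence set is better than none).
pf_run() {
    log="$1"; shift
    {
        printf '### %s | %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*"
        if command -v "$1" >/dev/null 2>&1; then
            "$@" 2>&1 || printf '### exit status %s\n' "$?"
        else
            printf '### %s not available on this host\n' "$1"
        fi
    } >> "$log"
}

# pf_collect OUTDIR: populate OUTDIR with the volatile-data logs.
# OUTDIR should be external media, never the suspect host's own disk.
pf_collect() {
    out="$1"
    mkdir -p "$out" || return 1
    pf_run "$out/uptime.log"            uptime
    pf_run "$out/currentloggeduser.log" who
    pf_run "$out/free.log"              free -m
    pf_run "$out/diskusage.log"         df -h
    pf_run "$out/process.log"           ps -eo pid,ppid,user,etime,args
    pf_run "$out/processtree.log"       ps axjf
    pf_run "$out/establishedconn.log"   ss -tan state established
    pf_run "$out/livecon.log"           ss -tulpn
    pf_run "$out/connwithprocess.log"   ss -tunp
    pf_run "$out/croncurrentuser.log"   crontab -l
    pf_run "$out/cronalluser.log"       ls -la /etc/cron.d /var/spool/cron /var/spool/cron/crontabs
    pf_run "$out/cronhourly.log"        ls -la /etc/cron.hourly
    pf_run "$out/crondaily.log"         ls -la /etc/cron.daily
    pf_run "$out/cronweekly.log"        ls -la /etc/cron.weekly
    pf_run "$out/SUID.log"              find / -xdev -type f -perm -4000
    pf_run "$out/files.log"             find /tmp /var/tmp /dev/shm -xdev -type f -mmin -1440
    pf_run "$out/userprofile.log"       cat /etc/passwd
    pf_run "$out/bash.log"              cat "${HOME:-/root}/.bash_history"
    pf_run "$out/systemcommand.log"     uname -a
    # memory.mem is not produced here: a memory image needs a kernel-level
    # acquisition tool (LiME/AVML), which is out of scope for this example.
    return 0
}

# pf_manifest OUTDIR: hash every collected log so the evidence set can be
# verified later (an assumed chain-of-custody step, not from the README).
pf_manifest() {
    out="$1"
    if command -v sha256sum >/dev/null 2>&1; then
        ( cd "$out" && sha256sum *.log > manifest.sha256 )
    else
        printf '### sha256sum not available\n' > "$out/manifest.sha256"
    fi
}

# pf_count OUTDIR: number of .log files produced (quick sanity check).
pf_count() {
    n=0
    for f in "$1"/*.log; do [ -f "$f" ] && n=$((n + 1)); done
    echo "$n"
}

# Usage: PF_OUTDIR=/mnt/evidence/host1 sh collect.sh
if [ -n "${PF_OUTDIR:-}" ]; then
    pf_collect "$PF_OUTDIR" && pf_manifest "$PF_OUTDIR"
fi
```

Each log starts with a `###` header giving the UTC time and the exact command, so the order and timing of collection is recorded alongside the data; the manifest is written last so that it covers the final state of every log.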
We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests.
- Create and test versions for other Linux flavours; it is currently only tested on Ubuntu.
- Any other data sets worth collecting.
- Please open an issue on GitHub if you'd like to report a bug or request a feature.
- For real DFIR training, subscribe to my YouTube channel.
- If you would like to support my creation,