It contains an advanced Bash script designed for conducting digital forensics on Linux systems. The script automates the collection of a wide range of system and user data, making it an invaluable tool for digital forensic investigators.
Please note that :
-This script collects various Linux artifacts for incident response
-It requires root privileges and creates a directory named "ir_data" in the current working directory
-It uses native tools such as ps, netstat, ls, find, etc.
-It also hashes the running processes and executable files using sha256sum
-It extracts information from files and directories to create a bodyfile
-It collects user and system configuration files and logs
To run the Easy_Linux_IR, follow these steps:
Download the script from the repository.
Give it executable permission:
chmod +x Easy_Linux_IR.sh
Execute the script with appropriate permissions (root permissions may be required for some commands):
sudo ./Easy_Linux_IR.sh
You can move to the folder (ir_data) and view the output files
Note: You can modify the script as per your specific use case.
Contributions to this cheatsheet are welcome. Please submit a pull request or open an issue for suggestions.