Forensics Recompiler for Linux - Project
This script collects most of the information that is usually obtained from a Linux system before an expert or forensic analysis. In addition, all the information is signed with SHA256.
Link to the GitHub repository
Collection
The following actions are performed on the Linux system:
- Dump of the following items:
- The sudoers, passwd and shadow files.
- The system files with read permissions
- System directories
- System shells history
- Current system processes
- Network configurations and connections
- System logs (including lastlog)
- List of system files larger than 1GB
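
The SHA256 step mentioned at the top of the page can be done as a digest manifest over the directory that holds the collected output. The following is an added example, not the project's own code; the function names, the `SHA256SUMS` file name and the sample files are assumptions.

```shell
#!/bin/sh
# Added example (not the project's code): SHA-256 manifest for collected evidence.
MANIFEST="SHA256SUMS"   # assumed manifest file name

# Hash every regular file under $1 (except the manifest) with paths
# relative to $1, and store the result in $1/SHA256SUMS.
build_manifest() {
    local dir="$1" sums
    sums=$(cd "$dir" && find . -type f ! -name "$MANIFEST" -print0 |
           sort -z | xargs -0 -r sha256sum) || return 1
    [ -n "$sums" ] || return 1          # nothing collected: refuse empty manifest
    printf '%s\n' "$sums" > "$dir/$MANIFEST"
}

# Return 0 only if every listed file still matches its digest AND no file
# was added or removed since the manifest was written.
verify_manifest() {
    local dir="$1" listed actual
    (cd "$dir" && sha256sum -c "$MANIFEST") >/dev/null 2>&1 || return 1
    listed=$(cd "$dir" && sed 's/^[0-9a-f]\{64\} [ *]//' "$MANIFEST" | sort)
    actual=$(cd "$dir" && find . -type f ! -name "$MANIFEST" | sort)
    [ "$listed" = "$actual" ]
}

# Digest of the manifest itself, to be recorded outside the analysed system.
manifest_digest() {
    sha256sum "$1/$MANIFEST" | cut -d' ' -f1
}

# Demo on constructed sample files (not real evidence).
demo() {
    local out
    out=$(mktemp -d) || return 1
    mkdir -p "$out/etc" "$out/history"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$out/etc/passwd"
    printf 'ls -la\nwhoami\n' > "$out/history/root.bash_history"
    build_manifest "$out" && verify_manifest "$out" &&
        echo "intact, manifest digest: $(manifest_digest "$out")"
    echo 'tampered' >> "$out/etc/passwd"
    verify_manifest "$out" || echo "modification detected"
    rm -rf "$out"
}
demo
```

A manifest stored next to the evidence can be rewritten along with it, so the value printed by `manifest_digest` belongs in the case notes or on separate media.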