Welcome to log Forenix (Log + Forencis + Linux ) - Your Linux Forensic Artifacts Collector Tool! 🚀
Forenix is a powerful shell CLI tool designed to automate the collection of forensic artifacts in Linux systems. It streamlines data collection processes during incident response engagements, reducing dependency on remote tools/agents. With built-in functionality and simplicity, Forenix makes forensic artifact collection a breeze!
- LogForenix collects the command history for both
regular users
and theroot user
. The.bash_history file
contains a record of commands executed in the Bash shell, providing insights into user activities and potential malicious actions. This includes recurring commands or scripts set to run at specific intervals, which may indicate routine system maintenance or suspicious activities. - LogForenix captures network interface information using the
ifconfig
orip addr
commands. This includes details such as IP addresses, MAC addresses, and network configurations, helping investigators understand network connectivity and potential network-related security issues. - LogForenix gathers network connection information using the
netstat
command. This includes established connections, listening ports, and routing tables, providing visibility into active network connections and potential network-based attacks. - LogForenix retrieves a snapshot of running processes with detailed information using the
ps aux
command. This includes process IDs, CPU and memory usage, and associated users, aiding in identifying running applications, services, and potential malicious processes - LogForenix collects system log files located in the
/var/log
directory. These logs contain a wealth of information, including system events, error messages, and user activities, enabling forensic analysts to reconstruct system events and detect anomalies or security incidents. - LogForenix captures temporary file logs stored in the
/tmp
directory. Temporary files may contain valuable information related to user activities, program executions, or malware persistence, allowing investigators to analyze potential security breaches or unauthorized activities.
- It Will Check Automatic and Install .. Relax
Sure, here are the steps formatted nicely in Markdown:
-
🫰 Clone this repository:
git clone https://github.com/naemazam/logForenix.git
-
🚔 Navigate to the directory:
cd logForenix
-
📝 Copy
logForenix.sh
to your local machine. -
🔑 Grant execution permissions by executing
chmod +x logForenix.sh
-
🏃♂️ Run the script using the following command:
sudo ./logForenix.sh
-
⏳ Wait patiently until the script finishes collecting the logs.
-
📦 Once completed, find the compressed logs in
/opt/
directory. dir named as <'hostname'>.tar.gz
Linux OS | Support |
---|---|
Ubuntu | ✅ |
Debian | ✅ |
CentOS | ✅ |
Fedora | ✅ |
Arch Linux | ❌ |
RHEL | ✅ |
OpenSUSE | ✅ |
[Add screenshots here if available]
Running LogForenix on production systems without proper understanding and authorization may lead to unintended consequences, including data loss or system instability. Always ensure you have appropriate permissions and follow best practices when using Forenix or any other forensic tool in sensitive environments.
LogForenix is developed and maintained by Naem Azam. Connect with me on LinkedIn for any inquiries or collaboration opportunities.
This project is licensed under the MIT License.