Skip to content

log Forenix 🕵️- Your Linux Forensic Artifacts Collector Tool! 🚀

License

Notifications You must be signed in to change notification settings

naemazam/logForenix

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Logo

🕵️ log Forenix🕵️

Welcome to log Forenix (Log + Forencis + Linux ) - Your Linux Forensic Artifacts Collector Tool! 🚀

Description

Forenix is a powerful shell CLI tool designed to automate the collection of forensic artifacts in Linux systems. It streamlines data collection processes during incident response engagements, reducing dependency on remote tools/agents. With built-in functionality and simplicity, Forenix makes forensic artifact collection a breeze!

Features

  • LogForenix collects the command history for both regular users and the root user. The .bash_history file contains a record of commands executed in the Bash shell, providing insights into user activities and potential malicious actions. This includes recurring commands or scripts set to run at specific intervals, which may indicate routine system maintenance or suspicious activities.
  • LogForenix captures network interface information using the ifconfig or ip addr commands. This includes details such as IP addresses, MAC addresses, and network configurations, helping investigators understand network connectivity and potential network-related security issues.
  • LogForenix gathers network connection information using the netstat command. This includes established connections, listening ports, and routing tables, providing visibility into active network connections and potential network-based attacks.
  • LogForenix retrieves a snapshot of running processes with detailed information using the ps aux command. This includes process IDs, CPU and memory usage, and associated users, aiding in identifying running applications, services, and potential malicious processes
  • LogForenix collects system log files located in the /var/log directory. These logs contain a wealth of information, including system events, error messages, and user activities, enabling forensic analysts to reconstruct system events and detect anomalies or security incidents.
  • LogForenix captures temporary file logs stored in the /tmp directory. Temporary files may contain valuable information related to user activities, program executions, or malware persistence, allowing investigators to analyze potential security breaches or unauthorized activities.

Dependencies

  • It Will Check Automatic and Install .. Relax

How to Run

Sure, here are the steps formatted nicely in Markdown:

  1. 🫰 Clone this repository:

    git clone https://github.com/naemazam/logForenix.git
  2. 🚔 Navigate to the directory:

    cd logForenix
  3. 📝 Copy logForenix.sh to your local machine.

  4. 🔑 Grant execution permissions by executing

    chmod +x logForenix.sh
  5. 🏃‍♂️ Run the script using the following command:

    sudo ./logForenix.sh
  6. ⏳ Wait patiently until the script finishes collecting the logs.

  7. 📦 Once completed, find the compressed logs in /opt/ directory. dir named as <'hostname'>.tar.gz

Testing Linux OS List

Linux OS Support
Ubuntu
Debian
CentOS
Fedora
Arch Linux
RHEL
OpenSUSE

Screenshots

Complete [Add screenshots here if available]

⚠️ Warning:

Running LogForenix on production systems without proper understanding and authorization may lead to unintended consequences, including data loss or system instability. Always ensure you have appropriate permissions and follow best practices when using Forenix or any other forensic tool in sensitive environments.

Imag

About the Author

LogForenix is developed and maintained by Naem Azam. Connect with me on LinkedIn for any inquiries or collaboration opportunities.

License

This project is licensed under the MIT License.