SekoiaLab/Fastir_Collector_Linux SekoiaLab/Fastir_Collector_Linux

  • Stars
    star
    171
  • Rank 220,939 (Top 5 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 8 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
SekoiaLab/Fastir_Collector_Linux
github

SekoiaLab

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

FastIR Collector Linux

We changed our approach to live forensics acquisition, which means FastIR Collector is no longer maintained. We recommend using our new FastIR Artifacts collector instead

Concepts

This tool collects different artefacts on live Linux and records the results in csv files. With the analysis of these artefacts, an early compromission can be detected. All code must be in a python 2 file and support starts at 2.4. This program should be run as root.

Artefacts

  • System Informations

    • Kernel version
    • Kernel modules
    • Network interfaces
    • Hostname
    • Distribution versions

  • Last Logins

  • Connexions

  • Handles

  • User's data

    • Hidden files in Users profiles
    • SSH know_host files

  • /tmp content

  • Autoruns

    • /etc/*.d
    • /etc/crontab
    • /etc/cron.*/

  • Disks Informations

    • List of partitions
    • MBR

  • Files System Informations

More Repositories

1

Fastir_Collector

Python
504
star
2

BinaryInjectionMitigation

Two tools used during our analysis of the Microsoft binary injection mitigation implemented in Edge TH2.
C++
52
star
3

pe-tools

Set of python scripts to analyse PE32/PE64 binaries and to extract VB 5/6 headers and Visual Basic p-code functions.
Python
44
star
4

FastIR_Agent

FastIR Agent is a Windows service to execute FastIR Collector on demand
C#
14
star
5

FastIR_Server

The FastIR Server is a Web server to schedule FastIR Collector forensics collect thanks to the FastIR Agent
Python
12
star
6

netblocks

List of netblocks with shared hosting on 20170330
10
star
7

Suricata-Redis

Python
8
star
8

GetHashes

Tools to get several hashes of a file in argument
C#
6
star
9

CERT-Services

Welcome to the CERT-SEKOIA repository ! This repository contains tools, IOCs and cyber threat intelligence materials regarding CERT activities.
Python
2
star
10

netmaker-coredns

CoreDNS plugin for netmaker
Go
1
star
11

github-actions-mattermost-post

Post messages to Mattermost via GitHub Actions
JavaScript
1
star