We have hosted the application live forensicator so that it can be run on our online workstations, either with Wine or directly.


Quick description about live forensicator:

Live-Forensicator is a cross-platform suite of scripts designed to assist incident responders and forensic investigators in performing "live forensics" / "live incident response." It collects a wide variety of system artifacts, indicators, logs, hashes, network info, and suspicious files on a running system (Windows, macOS, Linux) to help identify anomalous behavior, possible compromises, ransomware evidence, etc. It outputs its findings in readable formats (HTML, indexed reports) but doesn't itself make decisions; investigators must analyze the outputs. It includes modules for detecting suspicious paths/files, analyzing event logs (on Windows), capturing network traffic, hashing files against known malicious hash databases, etc.

Features:
  • For Windows: a PowerShell module that retrieves system info, event logs (looking for particular event IDs), hashes of executables, PowerShell command history, browsing history, etc.
  • For Linux/macOS: Bash/shell scripts using native commands to gather similar forensic-relevant info, hunting for unusual files, collecting system config, logs, etc.
  • Option to encrypt collected artifacts using AES with a randomly generated key (on Windows) to preserve confidentiality/integrity during transport
  • Ability to capture network traffic (pcapng) for further analysis in tools like Wireshark
  • HTML report output including an index file, so the collected artifacts are organized in the working directory with easy navigation
  • Ability to search through the system for files with certain extensions, such as known ransomware file types, looking for anomalies or possibly malicious files


Programming Language: JavaScript.
Categories:
Security

©2024. Winfy. All Rights Reserved.

By OD Group OU – Registry code: 1609791 -VAT number: EE102345621.