IR icon indicating copy to clipboard operation
IR copied to clipboard

verified publisher icon hiddenillusion

Metadata

Some dfir stuff

Results 4 IR issues
Sort by recently updated
recently updated
newest added

get_system_details_from_image.py : Consider adding network info

Would be useful to have IP/Domain/Adapter info pulled from images in addition to hostname/product details in https://github.com/hiddenillusion/IR/blob/master/Disk_Analysis/get_system_details_from_image.py functions already written : https://github.com/williballenthin/python-registry/blob/master/samples/forensicating.py#L202

hiddenillusion avatar hiddenillusion

enhancement
Disk Analysis
Windows_OS

LinuxTriage.py - just cat's most recent apache error/access logs

hiddenillusion avatar hiddenillusion

enhancement
Triage
Linux_OS

Other files to grab during Linux Triage

Other files to grab during Linux triage: - [ ] .viminfo - ssh - [ ] authorized_keys - [ ] .ssh/*

hiddenillusion avatar hiddenillusion

enhancement
Triage
Linux_OS

Consider adding file hashes to triage scripts

not sure it's needed for triaging but if you only have one shot I guess it could be useful: via Ian: for i in `echo $PATH | sed "s/:/ /g"`;...

hiddenillusion avatar hiddenillusion

enhancement
Triage

Metadata

31
Stars
8
Forks
Watchers

Owner

verified publisher icon hiddenillusion

Metadata

Some dfir stuff

Back