FastIR Collector Linux
A live forensics tool for Linux that collects system artifacts and logs them to CSV files for compromise detection.
What is FastIR Collector Linux?
FastIR Collector Linux is a live forensics tool that collects system artifacts from running Linux machines and logs them to CSV files. It helps security analysts detect early signs of compromise by analyzing gathered data like kernel information, user activities, and system configurations. The tool requires root access to ensure comprehensive data collection across the system.
Incident responders, forensic analysts, and security professionals who need to perform live forensics on Linux systems during security investigations.
It provides a lightweight, scriptable approach to artifact collection with structured CSV output, enabling easy integration into automated analysis workflows compared to more complex forensic suites.
Overview
FastIR Collector Linux is a live forensics acquisition tool designed to gather various system artifacts from a running Linux machine. It records findings in CSV files, enabling analysts to detect early signs of compromise through artifact analysis. The tool must be executed with root privileges to access necessary system data.
Key Features
- System Information Collection — Gathers kernel version, modules, network interfaces, hostname, and distribution details.
- User and Login Analysis — Captures last logins, user data, hidden files in profiles, and SSH known_hosts files.
- System Activity Monitoring — Collects connection data, open handles, and /tmp directory contents.
- Autorun Detection — Scans /etc/*.d directories, crontab, and cron schedules for persistence mechanisms.
- Disk and Filesystem Insights — Lists partitions, MBR data, and filesystem information for forensic examination.
Philosophy
FastIR Collector Linux emphasizes simplicity and scriptability by outputting structured CSV data, making it suitable for automated analysis pipelines in incident response scenarios.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
