ir-rescue
A Windows Batch and Unix Bash script suite for comprehensive host forensic data collection during incident response.
What is ir-rescue?
ir-rescue is a forensic data collection toolkit consisting of a Windows Batch script (ir-rescue-win) and a Unix Bash script (ir-rescue-nix) designed for incident response. It comprehensively gathers live and historical host data—such as memory dumps, filesystem artifacts, network information, and malware indicators—from both Windows and Unix systems. The tool helps security analysts collect evidence efficiently during investigations, especially when remote access or live analysis isn't feasible.
Incident response and forensic analysts, security practitioners, and corporate security teams who need to perform standardized host data acquisitions during security incidents. It's also suitable for organizations that require a consistent forensic collection process across Windows and Unix environments.
Developers choose ir-rescue because it provides a unified, cross-platform approach to forensic data collection with minimal setup, leveraging well-known third-party tools. Its configuration-driven design allows customization of data types collected, and its awareness of forensic footprints ensures analysts understand the tool's impact on the system being investigated.
Overview
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Use Cases
Best For
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
