// artifact family
linux forensics
13 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- linux auth log analyzer: drop auth.log or secure · ssh logins · sudo usage · brute force detection · privilege escalation · timeline · runs locally
- linux bash history analyzer: drop bash, zsh, or sh history files · command timeline · dangerous commands · reverse shells · download and execute · credential patterns · runs locally
- linux syslog analyzer: drop syslog, messages, kern.log, or a journald export · parse events · kernel messages · service crashes · oom killer · systemd failures · timeline · runs locally
- linux log timeline: drop multiple linux log files · merge auth.log, syslog, kern.log, and apache access logs · unified timeline · correlation · runs locally
- linux cron forensics: drop crontab files or cron.d entries · parse all jobs · next run times · flag suspicious jobs · download and execute patterns · runs locally
- elf binary analyzer: drop a linux elf executable or library · architecture · sections · imports · exports · strings · packer detection · security flags · runs locally
- linux persistence analyzer: drop linux artifact files · identify all persistence mechanisms · rc.local · systemd units · cron · authorized keys · ld.so.preload · profile scripts · runs locally
- linux process artifacts analyzer: drop proc filesystem snapshots · parse cmdline, maps, exe, fd, and net · process tree · open connections · memory maps · runs locally
- linux auditd log deep analyzer: drop audit.log or an ausearch export · syscall and file access · privilege escalation · execve timeline · multi-record correlation · csv export · runs locally
- linux extended attribute forensic analyzer: drop getfattr output or a filesystem listing with xattr data · parse linux extended attributes · extract security labels · capabilities · custom metadata · detect data hiding in xattrs · capability escalation risks · runs locally
- linux persistence mechanism deep analyzer: drop cron, systemd, profile, ssh, and ld.so listings · map persistence paths · suspicion scoring · csv export · runs locally
- ssh forensic artifact analyzer: drop auth.log, known_hosts, authorized_keys, or sshd_config · session timeline · brute force hints · key fingerprints · csv export · runs locally
- linux rootkit artifact scanner: drop proc and filesystem listings · hidden files · ld.so.preload · setuid inventory · kernel module anomalies · csv export · runs locally