Linux Evidence Acquisition Framework

Hello, world! 🌍 I'm a passionate Linux System & Server Administrator, living in front of three tty terminals 🖥 🖥 🖥, where I breathe Linux and script bash every day. With a burning desire to master the command line, I dive deep into the file system. As a content creator on YouTube, I share my journey and knowledge with fellow linux enthusiasts!

Hands-on projects for beginners to learn and practice Linux forensics and essential cybersecurity skills

Tools and Techniques for Digital Forensics and Incident Response

A comprehensive repository for CyberOps documentation, Blue Team playbooks, and open-source forensic tools like Cerberus and Chimera.

Point it at disk + memory evidence; get a correlated, ATT&CK-mapped attack timeline. Rust DFIR orchestrator: one command ingests E01/EWF/VMDK/raw + memory dumps, parses NTFS/registry/EVTX/prefetch/LNK/SRUM/browser/Amcache + memory (processes, netstat, injection), correlates into a DuckDB super-timeline, scans threat-intel, and reports.

Hello, world! 🌍 I'm a passionate Linux System & Server Administrator, living in front of three tty terminals 🖥 🖥 🖥, where I breathe Linux and script bash every day. With a burning desire to master the command line, I dive deep into the file system. As a content creator on YouTube, I share my journey and knowledge with fellow linux enthusiasts!

Home lab for Linux endpoint forensics using GRR Rapid Response, covering server setup, agent deployment, live forensics, memory analysis, and persistence detection.

DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI

Linux Forensics Guide

Useful tools for (not only) digital forensics

A collection of digital forensics lab reports covering Linux artifact recovery, shell history analysis, bash script forensics, and incident reconstruction using tools like SleuthKit, Auditd, and command-line utilities.

Understanding what forensic artifacts are present in the Windows and Linux Operating Systems, how to collect them, and leverage them to investigate security incidents.

Modular, agent-less forensic triage framework for rapid Windows & Linux artifact collection and memory acquisition

Linux Forensic Collector, Quick & Thorough.

SLeek is an interactive Linux threat-hunting script that guides an analyst through a structured, command-line examination of a system for signs of malware and compromise.

Practical labs, case studies, and investigation notes for CHFI v11 — covering digital forensics, malware forensics, incident response, evidence collection, and analysis tools.

Walk any memory dump. Find what's hidden. Linux + Windows kernel forensics from a single static Rust binary — no Python required.

Hands-on cybersecurity investigations including malware analysis, Windows and Linux forensics, disk image analysis, TLS traffic inspection, and file recovery.

Home lab for Linux endpoint forensics using GRR Rapid Response, covering server setup, agent deployment, live forensics, memory analysis, and persistence detection.