Live Forensicator is part of the Black Widow Toolbox. It aims to assist Forensic Investigators and Incident responders in carrying out a quick live forensic investigation.
It achieves this by gathering system information for later review for anomalous behaviour or unexpected data entries. It also looks for unusual files or activities and points them out to the investigator.
The Windows version of Forensicator is written in PowerShell. It can also analyze Event Logs: it queries the event logs for specific event IDs that may indicate unusual activity or compromise.
The MacOS version is a shell script.
The Linux version is written in Bash.
Run the scripts as a privileged user to get useful results. Forensicator's activities may be flagged by IDS or IPS solutions, so take note. Forensicator writes its results to HTML files with an index file. All extracted artifacts are placed in the directory the script was run from.
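The following is an added illustration of the event-log approach described above, not Forensicator's own code: it queries a handful of well-known Windows event IDs from a time window and writes the hits to an HTML report. The chosen IDs, the time window and the output file name are assumptions for this example; which IDs Forensicator itself checks is not stated here.

```powershell
# Added example (not part of Live Forensicator): query Windows event logs for a
# set of event IDs and write the matches to an HTML report.
# Run from an elevated PowerShell session; the Security log needs admin rights.
param(
    [int]$Hours = 24,
    [string]$OutDir = (Get-Location).Path
)

# Event IDs chosen for illustration; adjust to your own review checklist.
$Checks = @(
    @{ LogName = 'Security'; Id = 1102; Note = 'Security audit log cleared' },
    @{ LogName = 'Security'; Id = 4720; Note = 'User account created' },
    @{ LogName = 'Security'; Id = 4732; Note = 'Member added to local group' },
    @{ LogName = 'Security'; Id = 4698; Note = 'Scheduled task created' },
    @{ LogName = 'System';   Id = 7045; Note = 'New service installed' }
)

$Since = (Get-Date).AddHours(-$Hours)
$Rows = foreach ($c in $Checks) {
    # Get-WinEvent raises an error when nothing matches, so suppress it and move on.
    Get-WinEvent -FilterHashtable @{ LogName = $c.LogName; Id = $c.Id; StartTime = $Since } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Log     = $c.LogName
                EventId = $_.Id
                Note    = $c.Note
                # Keep only the first line of the message to keep the table readable.
                Message = ($_.Message -split "`r?`n")[0]
            }
        }
}

# Write the findings as an HTML table next to the script, as Forensicator does.
$Report = Join-Path $OutDir 'event_log_review.html'
$Rows | Sort-Object Time |
    ConvertTo-Html -Title 'Event log review' -PreContent "<h1>Events since $Since</h1>" |
    Out-File -FilePath $Report -Encoding utf8
Write-Host "Wrote $($Rows.Count) event(s) to $Report"
```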
See Wiki For full Changelog.
Want to check out other Black Widow Tools? Anteater - A Python-based web reconnaissance tool. Nessus Pro API - A PowerShell Script to Export and Download Nessus Scan Results via Nessus API.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change or add.
MIT
> Visit Live Forensicator Website <