linux-explorer : Easy-to-use live forensics toolbox for Linux endpoints.

Linux Expl0rer is a Python toolbox for easy-to-use live forensics on Linux endpoints.
Capabilities:
* ps
+ View the full process list
+ Inspect a process's memory map and fetch strings from its memory easily
+ Dump process memory in one click
+ Automatically look up a hash in public services
+++ VirusTotal
+++ AlienVault OTX

* users
+ List users

* find
+ Search for suspicious files by name/regex

* netstat
+ Whois

* logs
+ syslog
+ auth.log (user authentication log)
+ ufw.log (firewall log)
+ bash history

* anti-rootkit
+ chkrootkit

* yara
+ Scan a file or directory using YARA signatures by @Neo23x0
+ Scan a running process memory address space
+ Upload your own YARA signature
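The memory-map and memory-strings inspection offered by the ps view comes down to reading /proc/<pid>/maps and the readable mappings out of /proc/<pid>/mem. The following is an added example in Python 3 (not the project's own code, which targets Python 2.7) that does exactly that against its own PID by default; the Region/process_strings names and the 64 MiB per-region cap are assumptions.

```python
"""Parse /proc/<pid>/maps, copy readable mappings from /proc/<pid>/mem and
pull printable strings out of them (strings(1) over live memory)."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List

MAX_REGION_BYTES = 64 * 1024 * 1024  # assumption: skip huge reservations


@dataclass
class Region:
    start: int
    end: int
    perms: str   # e.g. "rw-p"
    path: str    # file backing the mapping, "[heap]", "[stack]" or ""


def parse_maps(text: str) -> List[Region]:
    """Turn the text of /proc/<pid>/maps into Region records."""
    regions = []
    for line in text.splitlines():
        parts = line.split(None, 5)          # addr perms offset dev inode [path]
        if len(parts) < 5:
            continue
        lo, hi = (int(x, 16) for x in parts[0].split("-"))
        regions.append(Region(lo, hi, parts[1], parts[5] if len(parts) > 5 else ""))
    return regions


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII at least min_len bytes long, in order of appearance."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def read_region(pid: int, region: Region) -> bytes:
    """Copy one mapping out of /proc/<pid>/mem; non-readable, oversized or
    special mappings ([vvar], [vsyscall]) come back as b'' instead of raising."""
    if not region.perms.startswith("r") or region.end - region.start > MAX_REGION_BYTES:
        return b""
    try:
        with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
            mem.seek(region.start)
            return mem.read(region.end - region.start)
    except (OSError, OverflowError, ValueError):   # EIO, kernel-only addresses
        return b""


def process_strings(pid: int, min_len: int = 6) -> Dict[str, List[str]]:
    """Map each readable mapping ("start-end path") to the strings found in it.
    Reading another pid needs the same rights as ptrace; your own pid always works."""
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read())
    found = {}
    for r in regions:
        data = read_region(pid, r)
        if data:
            found[f"{r.start:x}-{r.end:x} {r.path}"] = extract_strings(data, min_len)
    return found


def find_in_process(pid: int, needle: str) -> List[str]:
    """Labels of the mappings whose strings contain needle (a quick in-memory IoC check)."""
    return [label for label, strs in process_strings(pid).items() if any(needle in s for s in strs)]


if __name__ == "__main__":
    import sys
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    for label, strs in process_strings(target).items():
        print(label, len(strs), "strings")
```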

Requirements
– Python 2.7
– YARA
– chkrootkit

Usage:

Source: https://github.com/intezer