#!/bin/bash
# Forensics Tool Script
# Author: Your Name
# Date: YYYY-MM-DD
# Description: A simple forensics tool to gather system info and check for modified files.
# Function to gather system information
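gather_system_info() {
  # Collect a basic host snapshot: collection time, host identity, kernel,
  # uptime and logged-in users. Everything is written to stdout so the caller
  # can redirect it into an evidence file.
  # Outputs: one "Label: value" line per item, followed by the output of who(1).
  # Returns: 0. A probe that is unavailable on this platform prints an empty
  #          value instead of aborting the snapshot.
  local os uptime_str
  echo "Gathering system information..."
  # Record when the snapshot was taken; without this the output cannot be
  # correlated with other evidence later.
  echo "Collected at (UTC): $(date -u)"
  # uname -n avoids depending on a separate hostname(1) binary.
  echo "Hostname: $(uname -n)"
  # 'uname -o' is a GNU extension; fall back to the kernel name elsewhere.
  os=$(uname -o 2>/dev/null) || os=$(uname -s)
  echo "Operating System: $os"
  echo "Kernel Version: $(uname -r)"
  # 'uptime -p' is procps-specific; fall back to the plain form.
  uptime_str=$(uptime -p 2>/dev/null) || uptime_str=$(uptime 2>/dev/null)
  echo "Uptime: $uptime_str"
  echo "Users currently logged in:"
  who
  echo "-----------------------------------"
}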
# Function to check for modified files
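check_modified_files() {
  # List regular files under a directory whose mtime OR ctime falls within the
  # last N days. mtime alone is a weak signal because it can be set freely with
  # touch(1); ctime is updated by the kernel on any inode change and cannot be
  # set directly, so a file with an old mtime but a recent ctime deserves a look.
  # Arguments: $1 - directory to scan (default /etc)
  #            $2 - look-back window in days (default 7)
  # Outputs:   one 'ls -l' line per matching file, sorted bytewise so two runs
  #            can be diffed
  # Returns:   0; find(1) reports unreadable paths on stderr
  local dir=${1:-/etc}
  local days=${2:-7}
  echo "Checking for modified files in $dir..."
  # '-exec ... {} +' batches paths into a few ls invocations instead of one per
  # file; '--' keeps ls from treating odd file names as options.
  find "$dir" -type f \( -mtime -"$days" -o -ctime -"$days" \) -exec ls -l -- {} + \
    | LC_ALL=C sort
  echo "-----------------------------------"
}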
# Function to analyze log files
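analyze_logs() {
  # Show the tail of an authentication log. Debian-family systems write to
  # /var/log/auth.log and Red Hat-family systems to /var/log/secure; when no
  # path is given, the first readable one of those two is used.
  # Arguments: $1 - log file to read (default: auth.log, then secure)
  #            $2 - number of trailing lines to show (default 10)
  # Outputs:   the last N lines of the log on stdout
  # Returns:   0 on success, 1 if no readable log file was found
  local log=${1:-}
  local count=${2:-10}
  local candidate
  echo "Analyzing system logs..."
  if [[ -z "$log" ]]; then
    for candidate in /var/log/auth.log /var/log/secure; do
      if [[ -r "$candidate" ]]; then
        log=$candidate
        break
      fi
    done
  fi
  if [[ -z "$log" ]]; then
    echo "Error: no readable authentication log found (tried /var/log/auth.log and /var/log/secure)" >&2
    echo "-----------------------------------"
    return 1
  fi
  # Fail loudly rather than letting tail print a bare error and continuing as
  # if the log had been reviewed.
  if [[ ! -r "$log" ]]; then
    echo "Error: cannot read log file: $log" >&2
    echo "-----------------------------------"
    return 1
  fi
  echo "Last $count entries in $log:"
  tail -n "$count" -- "$log"
  echo "-----------------------------------"
}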
# Function to display help
display_help() {
  # Print the usage text for the supported single-letter options to stdout.
  # $0 is expanded inside the unquoted here-doc, exactly as in an echo.
  cat <<EOF
Usage: $0 [option]
Options:
 -s Gather system information
 -m Check for modified files
 -l Analyze log files
 -h Display this help message
EOF
}
# Main script logic
main() {
  # Entry point. Each option runs its action immediately, in the order given,
  # so "-s -m" produces both reports; an unknown option prints the help text
  # and exits 1. With no arguments at all the script exits 1 with a hint.
  if [[ $# -eq 0 ]]; then
    echo "No options provided. Use -h for help."
    exit 1
  fi
  local opt
  while getopts ":smlh" opt; do
    case "$opt" in
      s) gather_system_info ;;
      m) check_modified_files ;;
      l) analyze_logs ;;
      h) display_help ;;
      \?)
        echo "Invalid option: -$OPTARG" >&2
        display_help
        exit 1
        ;;
    esac
  done
  echo "Forensics tool execution completed."
}
main "$@"