
shell scripting using DF #14052

Closed

Conversation

vijayleo31

The Digital Forensics Collection Script is a shell script designed to automate the process of gathering essential forensic data from a Linux system. This script serves as a foundational tool for digital forensic investigators, system administrators, and security professionals who need to collect and analyze system information for incident response, security audits, or forensic investigations.

Objectives

The primary objectives of this project are to:

- Automate Data Collection: Streamline the process of collecting critical system information, reducing the time and effort required for manual data gathering.
- Ensure Comprehensive Coverage: Collect a wide range of data, including system configurations, user information, running processes, network settings, and logs, to provide a holistic view of the system's state.
- Maintain Data Integrity: Ensure that the collected data is stored in a structured manner, preserving its integrity for further analysis.

Key Features

- System Information: Gathers basic system information using the uname command, providing details about the kernel and architecture.
- User Information: Extracts user account details from the /etc/passwd file, which is crucial for understanding user access and permissions.
- Running Processes: Captures a snapshot of all currently running processes using the ps command, which can help identify suspicious activities.
- Network Information: Collects network configuration and active connections using ifconfig and netstat, aiding in the analysis of network-related incidents.
- Login History: Retrieves last login information to track user access patterns and identify potential unauthorized access.
- Installed Packages: Lists installed software packages, which can be useful for identifying vulnerabilities or unauthorized software.
- System Logs: Copies relevant system logs from /var/log, providing insights into system events and potential security incidents.
- Crontab Entries: Collects scheduled tasks from the crontab, which can reveal automated processes that may be malicious.
- File System Information: Gathers information about disk usage and mounted file systems, which is essential for understanding system resources.
- Open Files: Uses the lsof command to list open files, helping to identify files that may be in use by processes.

Implementation

The script is implemented in Bash and is designed to be run on Linux systems. It creates a dedicated directory to store all collected data, timestamped for easy identification. The script is structured to handle both Debian-based and Red Hat-based systems for package collection, ensuring compatibility across different Linux distributions.

Usage

To use the script, users must:

1. Save the script to a file (e.g., forensic_script.sh).
2. Make the script executable using the chmod command.
3. Run the script with root privileges to ensure access to all necessary files and directories.

Conclusion

The Digital Forensics Collection Script is a valuable tool for anyone involved in digital forensics or system administration. By automating the data collection process, it enhances efficiency and ensures that critical information is gathered systematically. This script can be further customized and expanded to meet specific forensic needs, making it a versatile addition to any forensic toolkit.
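The PR description lists the data sources but the script itself is not on this page. The following is an added example written for this page, not the submitter's script and not Security Onion code, showing a minimal collector of the same shape. It orders collection by volatility (processes, open files and sockets before logs and package lists), prefers ip and ss over the deprecated ifconfig and netstat with a fallback when those are absent, and closes with a SHA-256 manifest so the "data integrity" objective is something an analyst can actually verify later. The output layout, file names and the list of log files are the example's own assumptions; every non-coreutils tool is probed with command -v and skipped with a note if missing.

```shell
#!/bin/sh
# Added example: a minimal Linux evidence-collection script in the spirit of the
# PR description. Illustration code only, not the PR's script or Security Onion
# code. Assumptions: POSIX sh plus coreutils (date, cp, find, sort, sha256sum);
# every other tool is probed with command -v and skipped if absent.
# Run as root for complete coverage:  sudo sh collect.sh /mnt/evidence

# Run a command, keeping stdout and stderr separately under $OUTDIR.
# Usage: collect_cmd <name> <command> [args...]
collect_cmd() {
    name=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$OUTDIR/$name.txt" 2>"$OUTDIR/$name.err" || true
    else
        echo "tool not found: $1" >"$OUTDIR/$name.err"
    fi
}

# Copy a file or directory tree (preserving mode and mtime) under $OUTDIR/<name>/.
# Usage: collect_path <name> <path>
collect_path() {
    name=$1; src=$2
    [ -e "$src" ] || return 0
    mkdir -p "$OUTDIR/$name"
    cp -pR "$src" "$OUTDIR/$name/" 2>>"$OUTDIR/errors.log" || true
}

# Collect into <base>/forensic_<host>_<UTC timestamp>/ and print that directory.
forensic_collect() {
    base=${1:-/tmp}
    OUTDIR="$base/forensic_$(uname -n)_$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$OUTDIR"

    # Provenance: when the collection ran and as which user.
    date -u +%Y-%m-%dT%H:%M:%SZ >"$OUTDIR/collection_start.txt"
    id >"$OUTDIR/collector_id.txt"
    [ "$(id -u)" -eq 0 ] || echo "warning: not root; some sources will be unreadable" >>"$OUTDIR/errors.log"

    # Volatile state first: processes, open files, interfaces, sockets.
    collect_cmd ps ps -eo pid,ppid,user,etime,args
    collect_cmd lsof lsof -nP
    if command -v ip >/dev/null 2>&1; then
        collect_cmd ip_addr ip addr
        collect_cmd ip_route ip route
    else
        collect_cmd ifconfig ifconfig -a       # net-tools fallback on older systems
    fi
    if command -v ss >/dev/null 2>&1; then
        collect_cmd ss ss -tunap
    else
        collect_cmd netstat netstat -tunap
    fi

    # Less volatile: system identity, accounts, logins, packages, scheduled tasks.
    collect_cmd uname uname -a
    collect_path etc /etc/passwd
    collect_path etc /etc/group
    collect_path etc /etc/sudoers                # root-only; failure is logged
    collect_cmd last last -F
    collect_cmd lastb lastb -F                   # failed logins; root-only
    if command -v dpkg-query >/dev/null 2>&1; then
        collect_cmd packages dpkg-query -W -f='${Package}\t${Version}\t${Status}\n'
    elif command -v rpm >/dev/null 2>&1; then
        collect_cmd packages rpm -qa
    fi
    for p in /etc/crontab /etc/cron.d /var/spool/cron; do collect_path cron "$p"; done
    collect_cmd df df -h
    collect_cmd mount mount

    # Logs: copy named files rather than all of /var/log to bound the size.
    for f in /var/log/auth.log /var/log/syslog /var/log/secure /var/log/messages \
             /var/log/wtmp /var/log/btmp; do
        collect_path logs "$f"
    done
    collect_cmd journal journalctl -b --no-pager -o short-iso

    # Integrity: hash everything collected so a later copy can be verified.
    date -u +%Y-%m-%dT%H:%M:%SZ >"$OUTDIR/collection_end.txt"
    (cd "$OUTDIR" && find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + \
        | LC_ALL=C sort -k2 >MANIFEST.sha256)
    echo "$OUTDIR"
}

# Only run the collection when an evidence directory is given on the command line.
if [ $# -gt 0 ]; then
    forensic_collect "$1"
fi
```

Verify a copy later with `cd <outdir> && sha256sum -c MANIFEST.sha256`. The manifest is only as trustworthy as the host it was computed on, so copy it off the box (or print its own hash) as soon as the run finishes; the .err files and errors.log record exactly which sources were unavailable, which matters when the script is run without root.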


CLA Assistant Lite bot:
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

    I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request

jertel (Contributor) commented Dec 26, 2024

Hello! Thanks for your interest in Security Onion. Please start a discussion on proposed changes to the product, so we can determine whether it's a good fit, and if so the best approach to implementation.

Closing this PR due to lack of prior discussion.

@jertel jertel closed this Dec 26, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Dec 26, 2024