¶ Forensicator
https://github.com/Johnng007/Live-Forensicator
¶ Overview
Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation.
It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data entry, it also looks out for unusual files or activities and points it out to the investigator.
**The latest version now analysis Event Logs, it querries the event logs for certain log IDs that might point to an unusual activity or compromise.
It is paramount to note that this script has no inbuilt intelligence its left for the investigator to analyse the output and decide on a conclusion or decide on carrying out more deeper investigation.
¶ How to start?
You can find this here.