LEAF - Linux Evidence Acquisition Framework


News category: IT Security News
Source: kitploit.com


Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules and parameters as input, LEAF is able to use smart analysis to extract Linux artifacts and output to an ISO image file.


Usage

LEAF_master.py [-h] [-i INPUT [INPUT ...]] [-o OUTPUT] [-u USERS [USERS ...]] [-c CATEGORIES [CATEGORIES ...]] [-v]
[-s] [-g [GET_FILE_BY_OWNER [GET_FILE_BY_OWNER ...]]] [-y [YARA [YARA ...]]]
[-yr [YARA_RECURSIVE [YARA_RECURSIVE ...]]] [-yd [YARA_DESTINATIONS [YARA_DESTINATIONS...]]]

LEAF (Linux Evidence Acquisition Framework) - Cartware
[ASCII-art LEAF banner] v2.0

Process Ubuntu 20.04/Debian file systems for forensic artifacts, extract important data, and export information to an ISO9660 file. Compatible with EXT4 file system and common locations on Ubuntu 20.04 operating system. See help page for more information. Suggested usage: Do not run from LEAF/ directory

Parameters

optional arguments:

-h, --help
Show this help message and exit

-i INPUT [INPUT ...], --input INPUT [INPUT ...]
Additional input locations. Separate multiple input files with spaces.
Default: /home/user1/Desktop/LEAF-3/target_locations

-o OUTPUT, --output OUTPUT
Output directory location
Default: ./LEAF_output

-u USERS [USERS ...], --users USERS [USERS ...]
Users to include in output, separated by spaces (i.e. -u alice bob root).
Users not present in /etc/passwd will be removed.
Default: All non-service users in /etc/passwd

-c CATEGORIES [CATEGORIES ...], --categories CATEGORIES [CATEGORIES ...]
Explicit artifact categories to include during acquisition.
Categories must be separated by spaces (i.e. -c network users apache).
Full list of built-in categories:
APPLICATIONS, EXECUTIONS, LOGS, MISC, NETWORK, SHELL, STARTUP, SERVICES, SYSTEM, TRASH, USERS
Categories are compatible with user-supplied input files as long as they follow the notation:
# CATEGORY
/location1
/location2
.../location[n]
# END CATEGORY
Default: "all"

-v, --verbose
Output in verbose mode (may conflict with progress bar)
Default: False

-s, --save
Save the raw evidence directory
Default: False

-g [GET_OWNERSHIP [GET_OWNERSHIP ...]], --get_ownership [GET_OWNERSHIP [GET_OWNERSHIP ...]]
Get files and directories owned by included users.
Enabling this will increase parsing time.
Use -g alone to parse from the / root directory.
Include paths after -g to specify target locations (i.e. -g /etc /home/user/Downloads/).
Default: Disabled

-y [YARA [YARA ...]], --yara [YARA [YARA ...]]
Configure Yara IOC scanning. Use -y alone to enable Yara scanning.
Specify '-y /path/to/yara/' to set a custom input location.
For multiple inputs, use spaces between items,
i.e. '-y rulefile1.yar rulefile2.yara rule_dir/'.
All yara files must have a ".yar" or ".yara" extension.
Default: None

-yr [YARA_RECURSIVE [YARA_RECURSIVE ...]], --yara_recursive [YARA_RECURSIVE [YARA_RECURSIVE ...]]
Configure recursive Yara IOC scanning.
For multiple inputs, use spaces between items,
i.e. '-yr rulefile1.yar rulefile2.yara rule_dir/'.
Directories in this list will be scanned recursively.
Can be used in conjunction with the normal -y flag,
but intersecting directories will take recursive priority.
Default: None

-yd [YARA_DESTINATIONS [YARA_DESTINATIONS ...]], --yara_destinations [YARA_DESTINATIONS [YARA_DESTINATIONS ...]]
Destinations to run yara files against.
Separate multiple targets with a space (i.e. /home/alice/ /bin/star/).
Default: All user directories
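The category-file notation documented under -c is simple enough to parse strictly. The following is an added example, not LEAF's own code: it parses a constructed target_locations file into categories and then applies a -c selection (or the "all" default); the sample paths and the decision to raise on unbalanced "# NAME" / "# END NAME" markers are assumptions of this example.

```python
import re

# Constructed sample in the -c notation: "# CATEGORY" opens a block, "# END CATEGORY" closes it.
SAMPLE_TARGETS = """\
# NETWORK
/etc/hosts
/etc/resolv.conf
# END NETWORK

# APACHE
/etc/apache2/apache2.conf
/var/log/apache2/
# END APACHE
"""
# Matches "# NAME" or "# END NAME"; group 1 is set only for the END form.
_MARKER = re.compile(r"#\s*(END\s+)?(\S+)", re.IGNORECASE)

def parse_target_locations(text):
    """Return {CATEGORY: [paths]}; raise ValueError on a malformed file (assumed policy)."""
    categories = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = _MARKER.fullmatch(line)
        if m:
            name = m.group(2).upper()
            if m.group(1) and current == name:           # "# END NAME"
                current = None
            elif not m.group(1) and current is None:     # "# NAME"
                current = name
                categories.setdefault(current, [])
            else:
                raise ValueError(f"line {lineno}: unbalanced marker {line!r}")
            continue
        if current is None:
            raise ValueError(f"line {lineno}: path {line!r} outside any block")
        categories[current].append(line)
    if current is not None:
        raise ValueError(f"category block {current} never closed")
    return categories

def select_paths(categories, wanted):
    """Apply -c: 'all' (the default) keeps every block, else only the named ones, case-insensitively."""
    want = {w.upper() for w in wanted}
    if "ALL" in want:
        return [p for paths in categories.values() for p in paths]
    return [p for cat, paths in categories.items() if cat in want for p in paths]
```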

Example Usages:

To use default arguments [this will use default input file (./target_locations), users (all users), categories (all categories), and output location (./LEAF_output/). Cloned data will not be stored in a local directory, verbose mode is off, and yara scanning is disabled]:
LEAF_main.py

All arguments:
LEAF_main.py -i /home/alice/Desktop/customfile1.txt -o /home/alice/Desktop/ExampleOutput/ -c logs startup services apache -u alice bob charlie -s -v -y /path/to/yara_rule1.yar -yr /path2/to/yara_rules/ -yd /home/frank -g /etc/

To specify usernames, categories, and yara files:
LEAF_main.py -u alice bob charlie -c applications executions users -y /home/alice/Desktop/yara1.yar /home/alice/Desktop/yara2.yar

To include custom input file(s) and categories:
LEAF_main.py -i /home/alice/Desktop/customfile1.txt /home/alice/Desktop/customfile2.txt -c apache xampp

How to Use

  • Install Python requirements:
    • Python 3 (preferably 3.8 or higher) (apt install python3)
    • pip 3 (apt install pip3)
  • Download required modules
    • Install modules from requirements.txt (pip3 install -r requirements.txt)
    • If you get an installation error, try sudo -H pip3 install -r requirements.txt
  • Run the script
    • sudo python3 LEAF_master.py with optional arguments


...