Linux Forensic Analysis Toolkit

Project description

Linux Forensic Toolkit (LFT)

A comprehensive command-line tool for Linux system monitoring, forensic analysis, and diagnostics with a user-friendly interface.

Features

🖥️ System Monitoring

  • Real-time system resource dashboard
  • CPU/RAM/Disk/Network usage statistics
  • Active network connections monitoring
  • System uptime tracking

🔍 Forensic Analysis

  • File Analysis

    • File hash generation (MD5, SHA1, SHA256)
    • SUID/SGID file detection
    • File metadata inspection
    • Keyword-based file search
  • Process Analysis

    • Real-time process monitoring
    • Process sorting by resource usage
    • Process memory maps inspection

🌐 Network Analysis

  • Active connection monitoring
  • Listening port display
  • Routing table inspection
  • ARP cache analysis

📊 System Diagnostics

  • Mounted filesystems list
  • Kernel module inspection
  • Environment variables display
  • User login history

Memory Analysis

  • Memory usage by process
  • Shared memory segments
  • Process memory maps

🚀 Usage

Quick Start

# Install package
pip install linux-forensic-toolkit

# Run the tool
lft

Interactive Menu System

=== LINUX FORENSIC TOOLKIT ===
1. System Monitoring Dashboard  [Realtime metrics]
2. Process Analysis             [Top 50 processes]
3. File Analysis                [Hashes/SUID/Search]
4. Network Analysis             [Connections/Routing]
5. Memory Analysis              [Shared memory]
6. System Information           [Login history/Kernel]
7. Exit

Practical Examples

Search files containing "password"

lft → 3 → 4
Enter directory: /home/user/documents
Keyword: password

Check user login history

lft → 6 → 5

Analyze network connections

lft → 4 → 1

🔑 Key Features

Feature	Command Path	Description
Real-time Monitoring	Main Menu → 1	Live CPU/RAM/Disk/Network stats with color-coded alerts
Forensic File Search	File Analysis → 4	Recursive content search with line numbers and context
Security Audit	File Analysis → 2	Detect suspicious SUID/SGID executables
Network Recon	Network Analysis → 1-4	Complete network mapping (connections/ports/routes)

Advanced Features

► User Login Timeline
  Path: System Info → 5
  Shows: Login/logout times, IP addresses, durations

► Process Memory Inspection
  Path: Memory Analysis → 3
  Features: View memory maps for any running process

► File Fingerprinting
  Path: File Analysis → 1
  Algorithms: MD5, SHA1, SHA256 hash generation

► Environment Audit
  Path: System Info → 4
  Displays: All environment variables with values
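
As an added illustration of what the Security Audit (SUID/SGID detection) and File Fingerprinting features above check, not code from the linux-forensic-toolkit project: a scan for set-ID regular files that records a SHA256 per hit and compares it with a known-good baseline. The `unexpected` helper and the `{path: sha256}` baseline format are assumptions of this example.

```python
import hashlib
import os
import stat


def sha256_of(path, chunk_size=65536):
    """Stream the file so large binaries are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_setid_files(root):
    """Return sorted (path, flags, sha256) tuples for SUID/SGID regular files."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # vanished or inaccessible entry
            if not stat.S_ISREG(mode):
                continue
            flags = [label for bit, label in
                     ((stat.S_ISUID, "SUID"), (stat.S_ISGID, "SGID")) if mode & bit]
            if not flags:
                continue
            try:
                file_hash = sha256_of(path)
            except OSError:
                file_hash = None  # flagged, but unreadable at this privilege level
            findings.append((path, "+".join(flags), file_hash))
    return sorted(findings)


def unexpected(findings, baseline):
    """Keep findings whose path is absent from the baseline or whose hash differs.

    baseline is a hypothetical {path: sha256} dict recorded from a known-good system.
    """
    return [f for f in findings if f[0] not in baseline or baseline[f[0]] != f[2]]


if __name__ == "__main__":
    # Example run over /usr/bin with an empty baseline: every hit is reported.
    for path, flags, file_hash in unexpected(find_setid_files("/usr/bin"), {}):
        print(flags, file_hash, path)
```

Hashing each hit lets a later run distinguish a set-ID binary that was already present from one that was added or replaced.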

📦 Installation

Requirements

  • Python 3.6+

  • Linux system

  • Root access (recommended for full functionality)

  • Recommended packages: net-tools, psutil, prettytable

Install via pip

pip install linux-forensic-toolkit

Install from source

git clone https://github.com/Veyselxan/linux-forensic-toolkit.git
cd linux-forensic-toolkit
pip install .

📌 Notes

  • Requires psutil and prettytable packages

  • Some features require root privileges

  • File search may take time on large directories

  • Network features depend on net-tools package

🤝 Contributing

Pull requests welcome! Please follow PEP8 guidelines and include tests for new features.

📄 License

MIT License - See LICENSE for details

Download files

Source Distribution

linux-forensic-toolkit-1.0.1.tar.gz (9.6 kB view details)

Uploaded Source

Built Distribution

linux_forensic_toolkit-1.0.1-py3-none-any.whl (9.1 kB view details)

Uploaded Python 3

File details

Details for the file linux-forensic-toolkit-1.0.1.tar.gz.

File metadata

  • Download URL: linux-forensic-toolkit-1.0.1.tar.gz
  • Upload date:
  • Size: 9.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.8.10

File hashes

Hashes for linux-forensic-toolkit-1.0.1.tar.gz
Algorithm Hash digest
SHA256 6fbcc27af5ce357f01ac327ba675ba15c963886d883f1b4360250c2c07fb6039
MD5 3f765fca444b399cd4a485dbcb02219a
BLAKE2b-256 3f3b5cd3e40be301c03f4c70870c3d33ecd66b49e5a8c2b5570fabc88bd206c1

File details

Details for the file linux_forensic_toolkit-1.0.1-py3-none-any.whl.

File hashes

Hashes for linux_forensic_toolkit-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 50fc9c70b78b71cbdd8a66d02d7af6d85b3956b296ec211a34f621957d375c24
MD5 267b3c8fc036e2876562a968a1ffb6b2
BLAKE2b-256 8c234278462ed9416b89bbe2bbe29d6f112a23799b2be267544da03f0ae8ba1c
