analyzing-linux-system-artifacts
Community
Uncover Linux compromise through system artifacts.
Data & Analytics
#linux #forensics #log-analysis #incident-response #artifact-analysis #persistence-detection #shell-history
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Linux environments accumulate artifacts (auth logs, cron configurations, shell history, and system settings) that are essential for detecting compromises and unauthorized activity. This skill organizes and interprets those artifacts to reveal evidence of intrusion and persistence.
Core Features & Use Cases
- Forensic artifact collection and interpretation across /var/log, /etc, and user home directories.
- Detection of persistence mechanisms (cron jobs, systemd services, SSH keys, rc.local, ld.so.preload) and anomalous user activity.
- Real-world use: during a suspected Linux breach, run this analysis to quickly surface evidence from authentication logs, crontab entries, and shell history.
Quick Start
Run the Linux artifact analysis against a mounted evidence directory to begin parsing logs, histories, and configurations for indicators of compromise.
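The sketch below is an added example, not the skill's own code: it shows one way to enumerate the persistence locations listed above (cron, systemd units, SSH keys, rc.local, ld.so.preload) under a mounted evidence root. The names `scan_persistence`, `write_sample` and `SOURCES`, the category labels, and the chosen path list (a common Debian/RHEL subset) are assumptions, and the sample tree is constructed.

```python
import os, tempfile
from pathlib import Path

# Globs are relative to the mounted evidence root, never the analyst's own "/".
SOURCES = [
    ("ld_preload", "etc/ld.so.preload"), ("rc_local", "etc/rc.local"),
    ("cron", "etc/crontab"), ("cron", "etc/cron.d/*"),
    ("cron", "var/spool/cron/*"), ("cron", "var/spool/cron/crontabs/*"),
    ("systemd", "etc/systemd/system/*.service"),
    ("ssh_keys", "root/.ssh/authorized_keys"),
    ("ssh_keys", "home/*/.ssh/authorized_keys"),
]

def _keep(category, line):
    """True for lines that cause execution or grant access."""
    if not line or line.startswith("#"):
        return False
    if category == "systemd":
        return line.startswith("ExecStart")
    return (category, line) != ("rc_local", "exit 0")

def scan_persistence(root):
    """Return sorted (category, relative_path, line) tuples for analyst review."""
    root, findings = Path(root), []
    for category, pattern in SOURCES:
        for path in root.glob(pattern):
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():  # an absolute target would resolve on the analysis host
                findings.append((category, rel, "symlink -> " + os.readlink(path)))
            elif path.is_file():
                for raw in path.read_text(errors="replace").splitlines():
                    if _keep(category, raw.strip()):
                        findings.append((category, rel, raw.strip()))
    return sorted(findings)

def write_sample(root):
    """Constructed sample evidence tree (not taken from a real case)."""
    files = {"etc/ld.so.preload": "/usr/local/lib/libsample.so\n",
             "etc/rc.local": "#!/bin/sh\nexit 0\n",
             "home/alice/.ssh/authorized_keys": "ssh-ed25519 AAAASAMPLE alice@example\n"}
    for rel, text in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for finding in scan_persistence(tmp):
            print(*finding, sep="\t")
```

Every finding is a lead for review rather than a verdict: a default rc.local produces no output, while any non-comment line in ld.so.preload is reported because that file is normally absent or empty.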
Dependency Matrix
Required Modules: None required
Components: scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-linux-system-artifacts Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#analyzing-linux-system-artifacts Please download this .zip file, extract it, and install it in the .claude/skills/ directory.