performing-linux-log-forensics-investigation
Community
Reconstruct Linux user activity from system logs.
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Linux system logs provide the primary evidence to reconstruct user activity and detect unauthorized access during incidents.
Core Features & Use Cases
- Forensic reconstruction: parse auth.log, syslog, kern.log, and systemd journal to build event timelines.
- Brute-force detection: identify IPs with excessive failed login attempts and correlate with sudo events.
- Incident response workflows: generate human-readable reports and machine-readable payloads for automation.
Quick Start
Run the analyzer against Linux logs to generate a forensic timeline and alert on brute-force activity.
Dependency Matrix
Required Modules: none required
Components: scripts, references
Installation
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#performing-linux-log-forensics-investigation
Download the .zip file, extract it, and install it in the .claude/skills/ directory.