uac
by tclahr
UAC is a lightweight, extensible incident response tool that automates artifact collection across diverse Unix-like systems for forensic and security investigations.
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
Primary Use Case
UAC is designed for forensic investigators, security analysts, and IT professionals to automate and streamline the collection of system artifacts during incident response, forensic investigations, or compliance audits. It enables rapid data acquisition from a wide range of Unix-like environments without requiring installation or dependencies, minimizing operational overhead during critical incidents.
- Fully customizable via YAML profiles for tailored data collection
- Lightweight, portable, and requires no installation or dependencies
- Adheres to the order of volatility for reliable data acquisition
- Supports artifact collection from a broad range of Unix-like systems including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris
- Collects information on running processes including those without binaries on disk
- Hashes running processes and executable files for integrity verification
- Extracts file and directory status to create forensic bodyfiles
- Acquires volatile memory on Linux systems using multiple methods
Installation
- Download or clone the repository from GitHub
- Ensure the target system has a shell environment available
- No installation or dependencies required; the tool runs directly as a shell script
Usage
- ./uac.sh -p profile.yaml: run UAC with a specified YAML profile to customize artifact collection
- ./uac.sh --help: display help information and usage options for UAC
- Leverage UAC's YAML customization to create environment-specific artifact profiles for faster triage.
- Integrate UAC into automated incident response playbooks to speed up forensic data collection.
- Use UAC in purple team exercises to validate detection capabilities across diverse Unix-like systems.
- Deploy UAC as a lightweight tool for rapid on-site forensic acquisition without installation overhead.
- Combine UAC's volatile memory acquisition with endpoint detection tools for comprehensive incident analysis.