Akashthakar/Remote-Evidence-Collector

πŸ›°οΈ Remote Evidence Collector

Remote Evidence Collector is a lightweight Bash script designed for digital forensics and incident response (DFIR). It allows you to remotely collect evidence from a compromised (sender) system to a collector (receiver) system over the network.

This updated version consolidates both sender and receiver functionality into one interactive script, making the process simpler and more flexible.


✨ Features

  • ✅ Unified script for both sender and receiver roles
  • 🔌 Uses ncat for data transmission
  • 🔍 Collects files, command output, memory images, or disk images
  • ⚙️ Installs required tools (such as ncat) automatically if they are missing
  • 📦 Easy to deploy in trusted environments

βš™οΈ Requirements

  • Bash or compatible shell
  • ncat (from the Nmap project) β€” the script installs it if not present
  • Network access between sender and receiver machines

🧪 Installation

Clone the repository and make the script executable:

git clone https://github.com/Akashthakar/Remote-Evidence-Collector.git
cd Remote-Evidence-Collector
chmod +x collector.sh

🚀 Usage

Run the unified script on both machines, and it will prompt you to select a role:

./collector.sh

You will be asked:

  • Whether this machine is the Sender or the Receiver
  • The receiver's IP address and port (when this machine is the Sender)
  • What type of evidence to send (files, command output, memory, disk image)
  • Where to store the evidence on the receiver side

πŸ“ Example Flow:

πŸ”Ή On the Receiver (Collector)

./collector.sh
  • Select Receiver
  • Enter port to listen on (e.g., 4444)
  • Enter destination file name to save received data

🔹 On the Sender (Infected system)

./collector.sh
  • Select Sender
  • Enter receiver's IP and port
  • Select type of data to send (e.g., file, memory image, command output)
  • Provide source path or command

The script handles the rest.


πŸ” Security Considerations

⚠️ This script is intended for use in controlled or trusted environments. It does not include built-in:

  • Encryption
  • Authentication
  • Data integrity checks

For secure use:

  • Consider running it over SSH or a VPN
  • Use encrypted storage for received evidence
  • Hash collected files before and after transfer
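The "hash before and after transfer" advice, worked through as an added example that is not part of collector.sh: the sender records a SHA-256 of the evidence before streaming it with ncat, and the receiver compares the stored file against that hash (obtained out of band, e.g. over the SSH session used for the tunnel). The ncat invocations assume the plain `ncat -l <port> > file` / `ncat <ip> <port> < file` pattern; the function names are this example's own.

```shell
#!/bin/sh
# Integrity-checked wrapper around an ncat evidence transfer (added example).
set -eu

# SHA-256 of a file, using sha256sum where available and shasum as a fallback.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Receiver role: listen once on $1 and write the raw stream to $2.
receive_evidence() {
  ncat -l "$1" > "$2"
}

# Sender role: print the pre-transfer hash of $3, then stream it to $1:$2.
# The printed hash is what the analyst carries to the receiver out of band.
send_evidence() {
  hash_file "$3"
  ncat "$1" "$2" < "$3"
}

# Receiver-side check: compare the stored file $1 against the sender's hash $2.
# Returns 0 when the hashes match, 1 otherwise (so a truncated or altered
# transfer is caught before the file is treated as evidence).
verify_evidence() {
  [ "$(hash_file "$1")" = "$2" ]
}

# Record the verified hash in a chain-of-custody manifest ($3) with a UTC timestamp.
record_evidence() {
  printf '%s  %s  %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$2" "$1" >> "$3"
}
```

When the transfer runs over an SSH local forward, point send_evidence at 127.0.0.1 and the forwarded port instead of the receiver's address.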

πŸ“ File Structure

collector.sh         # Unified script (sender + receiver)
README.md            # Project documentation

Older versions with separate sender.sh and receiver.sh are available under the legacy branch or via Releases.


📦 Releases

➡️ Download Latest Release

➡️ View Legacy v1.0.0 Release


πŸ§‘β€πŸ’» Contributing

Pull requests are welcome for:

  • Improving security (e.g., adding encryption)
  • Supporting more OS environments
  • Expanding evidence types
  • Logging, error handling, etc.

🛠 License

This project is open source under the MIT License.


👤 Author

Akash Thakar GitHub Profile


About

Lightweight Bash scripts for remote evidence collection. It includes sender and receiver scripts for secure data transfer during incident response or forensic investigations.
