Live Forensicator is part of the Black Widow Toolbox. Its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation.
It achieves this by gathering different system information for further review for anomalous behavior or unexpected data entry; it also looks out for unusual files or activities and points them out to the investigator.
The latest version also analyzes event logs: it queries the Windows event logs for specific event IDs that might indicate unusual activity or compromise.
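The kind of event-log query described above, as an added illustration that is not Live Forensicator's own code. The event IDs below are well-known Windows IDs chosen for the example; the page does not state which IDs the tool queries, and the seven-day lookback and the output file name are assumptions.

```powershell
# Added illustration (not Live Forensicator's own code): pull events for a handful
# of Windows event IDs that commonly warrant review, and write them to CSV for an
# investigator to read. The ID list is illustrative, not the tool's list.

$Checks = @(
    @{ Log = 'Security'; Id = 4625; Note = 'Failed logon' },
    @{ Log = 'Security'; Id = 4720; Note = 'User account created' },
    @{ Log = 'Security'; Id = 4732; Note = 'Member added to security-enabled local group' },
    @{ Log = 'Security'; Id = 1102; Note = 'Audit log cleared' },
    @{ Log = 'System';   Id = 7045; Note = 'New service installed' }
)

# Lookback window (assumption: seven days; widen or narrow to fit the case)
$Since = (Get-Date).AddDays(-7)

$Results = foreach ($c in $Checks) {
    try {
        Get-WinEvent -FilterHashtable @{ LogName = $c.Log; Id = $c.Id; StartTime = $Since } -ErrorAction Stop |
            Select-Object @{ n = 'Check';   e = { $c.Note } },
                          TimeCreated, Id, MachineName,
                          @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }   # first line only
    } catch {
        # Get-WinEvent throws when nothing matches; treat that as an empty result,
        # but surface any other error (for example, no access to the Security log).
        if ($_.Exception.Message -notmatch 'No events were found') {
            Write-Warning "$($c.Log)/$($c.Id): $($_.Exception.Message)"
        }
    }
}

# Raw rows for later review, plus a per-check count as a quick summary
$Results | Sort-Object TimeCreated | Export-Csv -Path .\eventlog_review.csv -NoTypeInformation
$Results | Group-Object Check | Select-Object Name, Count | Format-Table -AutoSize
```

Reading the Security log requires an elevated session. As with the tool itself, a hit in this output is only a pointer for the investigator: a failed logon or a new service is routine on many hosts, so the count and timing against the case timeline decide whether it matters.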
It is paramount to note that this script has no inbuilt intelligence. It is left to the investigator to analyze the output and decide on a conclusion or conduct a deeper investigation.
Source code and additional information may be found here: https://github.com/Johnng007/Live-Forensicator