# Anti-Forensics Suite
Forensic artifact cleanup and log sanitization for red team operations.
## What It Does
Cleans system logs on Linux (syslog, auth.log, auditd, bash history), erases command history files, and removes forensic artifacts including temporary files, shell history, and file access timestamps. Windows modules (event log clearing, timestomping, USN journal wiping) are designed for external build and validation.
## Scripts

| Script | Description |
|---|---|
| log_cleaner | System log cleaning — selective entry removal, timestamp manipulation, log rotation |
| history_eraser | Command history erasure — .bash_history, .zsh_history, .mysql_history, .python_history |
| artifact_cleaner | Forensic artifact removal — temp files, caches, thumbnails, recent files, swap |
## When to Use
Use at the end of post-exploitation operations, before disconnecting from a compromised host. Run log_cleaner first, then history_eraser, then artifact_cleaner. Confirm cleanup success before session termination.
## Usage

```
RedTeamScript(skill="anti-forensics-suite", script="log_cleaner", args="--session-id 42 --syslog --authlog")
```