meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

soc:irt:linux:tools:uac [2026/06/11 15:53] – created titannetsoc:irt:linux:tools:uac [2026/06/11 16:01] (current) titannet
Line 2: Line 2:
  
 [[https://github.com/tclahr/uac]] [[https://github.com/tclahr/uac]]
 +[[https://tclahr.github.io/uac-docs/]]
  
 +<code>
 +Collect all artifacts based on the ir_triage profile, and save the output file to /tmp.
 +
 +./uac -p ir_triage /tmp
 +
 +Collect all artifacts located in the artifacts/live_response directory, and save the output file to /tmp.
 +
 +./uac -a ./artifacts/live_response/\* /tmp
 +
 +Collect all artifacts based on the ir_triage profile, along with all artifacts located in the /my_custom_artifacts directory, and save the output file to /mnt/sda1.
 +
 +./uac -p ir_triage -a /my_custom_artifacts/\* /mnt/sda1
 +
 +Collect a memory dump and all artifacts based on the full profile.
 +
 +./uac -a ./artifacts/memory_dump/avml.yaml -p full /tmp
 +
 +Collect all artifacts based on the ir_triage profile excluding the bodyfile.yaml artifact.
 +
 +
 +</code>