LUARM[1] (Logging User Actions in Relational Mode) is an open source, experimental live digital forensics engine for the Linux operating system. It produces audit data[2] that support insider threat specification as well as computer forensic analysis of user actions. It is designed to log user activities in detail into a simple Relational Database Management System (RDBMS) schema. MySQL is used as the relational backend, although the schema could easily be converted to PostgreSQL and other popular relational databases. LUARM is written in Perl and provides a near real-time snapshot of file access, process/program execution and network endpoint user activities[3], organized in well-defined relational table formats. The purposes are:
LUARM is being developed by Georgios Magklaras at Steelcyber Scientific,[5] an IT consultancy specializing in information security and scientific computing. It is part of a wider Insider Misuse research effort targeting insider misuse threat specification.[6]