Open Investigator · Java incident investigation

Investigate Java service anomalies and memory-shell peripheral clues.

Open Investigator helps operators inspect Java process context, service boundaries, middleware files, debug ports, javaagent usage, and risky recent changes without turning first-pass triage into remediation.

Apache-2.0 · Read-only tools · AI evidence reasoning
AI-driven server investigator: incident clues, host evidence, AI follow-up, timeline, and investigation report.

Search intent

For searches like Java memory shell investigation, JDWP exposed investigation, suspicious javaagent, and Java incident response tool.

How it works

The Java path is intentionally layered. Default checks stay low-impact. Explicit deep investigation can inspect more JVM context, and heavy artifacts require explicit flags. This keeps ordinary server investigation safe while still supporting deeper Java triage when the responder chooses it.

Investigation boundary

Open Investigator collects and correlates evidence. It does not isolate hosts, block IPs, kill processes, delete files, disable accounts, restart services, or change firewall or registry state.

Practical workflow

Use it as a first-pass host investigation loop.

01 · Java process context

Inspect command lines, JVM options, javaagent, agentlib, service names, ports, and process ownership.

02 · Middleware and file clues

Review recent JAR, WAR, JSP, CLASS, and web-root changes alongside service logs and process behavior.

03 · Explicit deep mode

Deeper JVM diagnostics and heavy artifacts are gated so they do not happen accidentally during ordinary read-only triage.
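A read-only sketch of the step 01 check over JVM command lines, as an added example that is not Open Investigator's own code: it flags `-javaagent`, native agents, and JDWP listeners and reports how each debug port is bound. The function names, finding labels, temp-directory list, and sample command lines are assumptions constructed for illustration.

```python
import shlex

# Constructed sample command lines keyed by PID (not from a real host).
SAMPLE_CMDLINES = {
    4121: "java -Xmx2g -jar /opt/app/orders.jar",
    4388: "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar /opt/app/api.jar",
    4502: "java -javaagent:/tmp/.cache/helper.jar=mode=1 -Xrunjdwp:transport=dt_socket,server=y,address=8000 -jar /opt/app/batch.jar",
    4610: "java -javaagent:/opt/apm/agent.jar -agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:5005 -jar /opt/app/web.jar",
}
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumption: agents loaded from here deserve review

def jdwp_finding(spec):
    """Classify a JDWP option string, e.g. 'transport=dt_socket,server=y,address=*:5005'."""
    opts = dict(kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
    if opts.get("server") != "y":
        return None  # JVM dials out to a debugger; it opens no listening debug port
    addr = opts.get("address")
    if not addr:
        return "jdwp-dynamic-port"  # JVM picks the port itself
    host, _, port = addr.rpartition(":")
    if host in LOOPBACK:
        return f"jdwp-loopback:{port}"
    if host in ("*", "0.0.0.0"):
        return f"jdwp-all-interfaces:{port}"
    if not host:
        # Bare port: loopback only on JDK 9+, all interfaces on JDK 8 and older.
        return f"jdwp-bare-port:{port}"
    return f"jdwp-bound:{host}:{port}"

def triage(cmdline):
    """Return findings for one JVM command line. Read-only: it only parses text."""
    findings = []
    for arg in shlex.split(cmdline):
        if arg.startswith("-javaagent:"):
            jar = arg[len("-javaagent:"):].split("=", 1)[0]
            tag = "javaagent-temp-path" if jar.startswith(TEMP_DIRS) else "javaagent"
            findings.append(f"{tag}:{jar}")
        elif arg.startswith(("-agentlib:jdwp=", "-Xrunjdwp:")):
            hit = jdwp_finding(arg.split("jdwp", 1)[1][1:])
            if hit:
                findings.append(hit)
        elif arg.startswith(("-agentlib:", "-agentpath:")):
            findings.append("native-agent:" + arg.split(":", 1)[1].split("=", 1)[0])
    return findings

if __name__ == "__main__":
    for pid, cmd in SAMPLE_CMDLINES.items():
        print(pid, triage(cmd) or "no agent or debug options")
```

A clean command line does not rule out an agent: the `JAVA_TOOL_OPTIONS` environment variable and runtime attach can both load one without it appearing in the process arguments.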

Common searches

Queries this page answers.

Java memory shell investigation: Open Investigator maps this search intent to local, read-only host evidence and a reviewable incident report.
JDWP exposed investigation: Open Investigator maps this search intent to local, read-only host evidence and a reviewable incident report.
suspicious javaagent: Open Investigator maps this search intent to local, read-only host evidence and a reviewable incident report.
Java incident response tool: Open Investigator maps this search intent to local, read-only host evidence and a reviewable incident report.

Use the Java-focused checks when a production Java service has suspicious ports, options, files, or runtime behavior.

The source, usage examples, contribution notes, and issue tracker live in the public Open Investigator repository.