This tool was built during real-world DFIR and incident response cases where fast, reliable, and secure file syncing was critical.
It has been refined through practical use, balancing simplicity with functionality.
Whether youβre collecting forensic images, monitoring log sources, or just keeping folders in sync β this script does the job with minimal overhead.
π GitHub Repo
- Two-Way Monitoring: Choose to watch either your local folder or the remote server.
- Real-Time Sync: Automatically uploads, downloads, or deletes files as changes occur.
- Protocol Flexibility: Works with secure SFTP or standard FTP.
- Lightweight: No heavy dependencies β just
paramiko+watchdog. - Forensic-Ready: Perfect for collecting logs, evidence, or case data securely.
Designed for analysts, responders, and engineers who need to move and monitor files securely without manual intervention. Typical workflow:
- Connect to a remote server (SFTP/FTP).
- Select the remote folder to watch.
- Select your local folder.
- Pick your mode:
- REMOTE mode β Download any new/changed files from server.
- LOCAL mode β Upload any new/changed files to server.
- Let it run. Files stay in sync automatically.
Clone and run:
git clone https://github.com/dfirvault/sftpmonitor/
cd sftpmonitor
pip install paramiko watchdog
python SFTPMonitor.pyπ€ Jacob Wilson
π§ dfirvault@gmail.com
β‘ Fast. Focused. Forensic.