Documentation
Overview
Package artifactcollector provides software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers.
Features
The artifactcollector offers the following features:
- Runs on Windows, Linux and macOS
- Can extract files, directories, registry entries, command output and WMI output
- Uses the configurable and extensible [Forensics Artifacts](https://github.com/forensicanalysis/artifacts)
- Creates a forensicstore as [structured output](https://github.com/forensicanalysis/forensicstore)
- It's open source
- Free for everyone (including commercial use)
Directories
Path | Synopsis |
---|---|
collection | Package collection provides functions to collect forensic artifacts into a forensicstore. |
replace | |
scripts (module) | |
zipwrite | Package zipwrite provides a good-enough write-only file system implementation for the artifactcollector to create zip files. |