Python
Need help with artifacts?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
ForensicArtifacts

Description

Digital Forensics Artifact Repository

515 Stars 137 Forks Apache License 2.0 473 Commits 48 Opened issues

Services available

Need anything else?

Digital Forensics Artifact Repository

A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.

If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.

Project status

Travis-CI

AppVeyor Codecov
Build Status Build status codecov

Artifact Definitions

The artifact definitions can be found in the data directory and the format is described in detail in the Style Guide.

As of 2019-06-10 the repository contains:

| File paths covered | 1013 | | :------------------ | ------: | | Registry keys covered | 635 | | Total artifacts | 525 |

Artifacts by type

| ARTIFACTGROUP | COMMAND | DIRECTORY | FILE | PATH | REGISTRYKEY | REGISTRY_VALUE | WMI | | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | | 21 | 9 | 14 | 283 | 8 | 50 | 114 | 26 |

Artifacts by OS

| Darwin | Linux | Windows | | :---: | :---: | :---: | | 33 | 25 | 23 |

Artifacts by label

| Antivirus | Authentication | Browser | Cloud | Cloud Storage | Configuration Files | Docker | External Media | ExternalAccount | Hadoop | History Files | Logs | Mail | Network | Software | System | Users | iOS | | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | | 6 | 18 | 21 | 2 | 4 | 41 | 2 | 2 | 3 | 1 | 3 | 46 | 15 | 15 | 43 | 104 | 68 | 5 |

Background/History

The ForensicArtifacts.com artifact repository was forked from the GRR project artifact collection into a stand-alone repository that is not tool-specific. The GRR developers have migrated to using this repository and make contributions here. In addition the ForensicArtifact team will begin backfilling artifacts in the new format from the ForensicArtifacts.com website.

For some background on the artifacts system and how we expect it to be used see this blackhat presentation and youtube video from the GRR team.

Contributing

Please send us your contribution! See the developers guide for instructions.

External links

Contact

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.