The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers. Features: * Runs on Windows, Linux, and macOS * Can extract files, directories, registry entries, command and WMI output * Uses configurable and extensible Forensics Artifacts * Creates a forensicstore as structured output * It's open source and free for everyone (including commercial use) Installation: * Download from https://github.com/forensicanalysis/artifactcollector/releases or clone the repository and install using go install . Get artifacts & process forensicstores: * Extract raw artifacts or process collected data using elementary.
FEATURES
SIMILAR TOOLS
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.