artifactcollector Logo

artifactcollector

0
Free
Visit Website

The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers. Features: * Runs on Windows, Linux, and macOS * Can extract files, directories, registry entries, command and WMI output * Uses configurable and extensible Forensics Artifacts * Creates a forensicstore as structured output * It's open source and free for everyone (including commercial use) Installation: * Download from https://github.com/forensicanalysis/artifactcollector/releases or clone the repository and install using go install . Get artifacts & process forensicstores: * Extract raw artifacts or process collected data using elementary.

FEATURES

ALTERNATIVES

Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.

Orochi is a collaborative forensic memory dump analysis framework.

Documentation project for Digital Forensics Artifact Repository

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

A tool for triaging crash files with various output formats and debugging engine options.

A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.

A tool for fixing acquired .evt Windows Event Log files in digital forensics.