artifactcollector Logo

artifactcollector

0
Free
Visit Website

The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers. Features: * Runs on Windows, Linux, and macOS * Can extract files, directories, registry entries, command and WMI output * Uses configurable and extensible Forensics Artifacts * Creates a forensicstore as structured output * It's open source and free for everyone (including commercial use) Installation: * Download from https://github.com/forensicanalysis/artifactcollector/releases or clone the repository and install using go install . Get artifacts & process forensicstores: * Extract raw artifacts or process collected data using elementary.

FEATURES

ALTERNATIVES

Automated collection tool for incident response triage in Windows systems.

mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.

A command-line utility to show and change EXIF information in JPEG files

ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.

A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.