ArtifactExtractor
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
Free65
Free65
ArtifactExtractor
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
Data verified May 2026
ADYour product here. Reach security decision-makers.Launch a campaignArtifactExtractor Description
ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be checked (via hash) if they are different from a later VSC/image copy before extraction. Dependencies: - None if using release executable on Windows. - Else: Install backports.lzma - Windows: Use latest wheel file available from [here] - Linux: Use a package manager, e.g. sudo apt install liblzma-dev - Install libewf libewf-legacy should be installed rather than libewf (experimental) - Newer experimental releases have a file corruption issue. - Windows: Use the MSI installer available from [here] - Linux: Use libewf-legacy build 20140806 (Windows ONLY) - Install pywin32: pip install pywin32 - Install remaining requirements: use requirements.txt - Use pip: pip install -r requirements.txt Usage: Create destination directory artifact_extractor.exe <source image> <dest dir> [-a <selected artifacts>] or artifact_extractor.exe -h for more options Credits: Joachim Metz and his libraries, John Corcoran for Unix Compatibility
ArtifactExtractor FAQ
Common questions about ArtifactExtractor including features, pricing, alternatives, and user reviews.
ArtifactExtractor is A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions. It is a Security Operations solution designed to help security teams with Open Source, File Analysis.
ArtifactExtractor is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/Silv3rHorn/ArtifactExtractor/ for download and installation instructions.
Popular alternatives to ArtifactExtractor include:
1.HexPrism - HexPrism is a fast, privacy-first hex editor built for CTFs and digital forensics. (Free)
2.libsmraw - A library to access and manipulate RAW image files. (Free)
3.cabextract - Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files. (Free)
4.libolecf - A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files. (Free)
5.wxHexEditor - wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features. (Free)
Compare these tools and more at https://cybersectools.com/categories/security-operations
ArtifactExtractor is for security teams and organizations that need Open Source, File Analysis. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
Have more questions? Browse our categories or search for specific tools.
