ArtifactExtractor Logo

ArtifactExtractor

0
Free
Visit Website

ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be checked (via hash) if they are different from a later VSC/image copy before extraction. Dependencies: - None if using release executable on Windows. - Else: Install backports.lzma - Windows: Use latest wheel file available from [here] - Linux: Use a package manager, e.g. sudo apt install liblzma-dev - Install libewf libewf-legacy should be installed rather than libewf (experimental) - Newer experimental releases have a file corruption issue. - Windows: Use the MSI installer available from [here] - Linux: Use libewf-legacy build 20140806 (Windows ONLY) - Install pywin32: pip install pywin32 - Install remaining requirements: use requirements.txt - Use pip: pip install -r requirements.txt Usage: Create destination directory artifact_extractor.exe <source image> <dest dir> [-a <selected artifacts>] or artifact_extractor.exe -h for more options Credits: Joachim Metz and his libraries, John Corcoran for Unix Compatibility

FEATURES

ALTERNATIVES

Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.

A reconnaissance tool for GitHub organizations

A tool for analyzing pentest screenshots using a convolutional neural network

A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.

Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.

A modified version of GNU dd with added features like hashing and fast disk wiping.