Digital Forensics Artifacts Repository
A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that can be used as an information source and within other tools. The artifacts are in YAML format, and Python code is used for validation. For more information, visit the project documentation at: https://artifacts.readthedocs.io/en/latest. Contributions are welcome via the developers guide or by contacting forensicartifacts@googlegroups.com. Join the Artifacts channel of Open Source DFIR Slack for discussions.
FEATURES
ALTERNATIVES
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.
Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
PINNED
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.