ForensicArtifacts.com Artifact Repository
A free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That's it. No other dependencies. The python code in this project is just used to validate all the artifacts to make sure they follow the spec.
As of 2015-11-20 the repository contains:
|File paths covered||487|
|Registry keys covered||289|
Artifacts by type
Artifacts by OS
Artifacts by label
|Antivirus||Authentication||Browser||Cloud||Cloud Storage||Configuration Files||External Media||ExternalAccount||IM||Logs||Network||Software||System||Users||iOS|
The ForensicArtifacts.com artifact repository was forked from the GRR project artifact collection into a stand-alone repository that is not tool-specific. The GRR developers have migrated to using this repository and make contributions here. In addition the ForensicArtifact team will begin backfilling artifacts in the new format from the ForensicArtifacts.com website.
Please send us your contribution! See the developers guide for instructions.
- ForensicsArtifacts.com ... the definitive database
- GRR Artifacts, by Greg Castle, Blackhat 2014