Skip to content
Digital Forensics Artifact Repository
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
artifacts Applied updates and changes to setup.py for bdist_rpm (#327) Mar 20, 2019
config Moved CI tests to Ubuntu 18.04 on Docker (#336) May 4, 2019
data Added WMIOperatingSystem, WMIScheduledTasks and WMIStartupCommands ar… May 7, 2019
docs Removed support for returned_types #316 (#321) Feb 28, 2019
test_data Create ArtifactWriter classes for writing ArtifactDefinitions #178 May 13, 2017
tests Added _SkipIfPathNotExists in test_lib (#335) May 4, 2019
tools Validate environment and users variables in Windows paths #311 (#332) Mar 31, 2019
utils Changes to Travis CI test coverage and linter (#299) Dec 15, 2018
.gitignore Fix style May 13, 2017
.pylintrc Changes for pylint and removed yapf tests (#307) Feb 2, 2019
.style.yapf Updated CI test configuration and helper scripts Apr 4, 2018
.travis.yml Moved CI tests to Ubuntu 18.04 on Docker (#336) May 4, 2019
ACKNOWLEDGEMENTS Updated ACKNOWLEDGEMENTS file for issue #34 May 13, 2017
AUTHORS Update AUTHORS May 13, 2017
LICENSE Initial commit Oct 31, 2014
MANIFEST.in Changed AppVeyor configuration to use TLS Oct 11, 2017
README Updated README Mar 18, 2018
README.md Updated AppVeyor links in README Dec 18, 2018
appveyor.yml Changes for pylint and removed yapf tests (#307) Feb 2, 2019
artifacts.ini Applied updates and added Fedora Core CI tests Feb 3, 2019
dependencies.ini Changes to setup.py for bdist_rpm (#304) Jan 13, 2019
requirements.txt Updated dependencies with l2tdevtools Jan 15, 2018
run_tests.py Updated CI test configuration and helper scripts Apr 4, 2018
setup.cfg Updated dependencies (#305) Feb 2, 2019
setup.py Applied updates and changes to setup.py for bdist_rpm (#327) Mar 20, 2019
test_dependencies.ini Changes to Travis CI test coverage and linter (#299) Dec 15, 2018
test_requirements.txt Applied updates and changes to setup.py for bdist_rpm (#327) Mar 20, 2019
tox.ini Applied updates and changes to setup.py for bdist_rpm (#327) Mar 20, 2019

README.md

Digital Forensics Artifact Repository Artifact Repository

A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.

If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That's it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specfication.

Project status

Travis-CI AppVeyor Codecov
Build Status Build status codecov

Artifact Definitions

The artifact definitions can be found in the data directory and the format is described in detail in the Style Guide.

As of 2015-11-20 the repository contains:

File paths covered 487
Registry keys covered 289
Total artifacts 345

Artifacts by type

ARTIFACT COMMAND DIRECTORY FILE PATH REGISTRY_KEY REGISTRY_VALUE WMI
14 6 11 191 4 38 65 16

Artifacts by OS

Darwin Linux Windows
106 75 177

Artifacts by label

Antivirus Authentication Browser Cloud Cloud Storage Configuration Files External Media ExternalAccount IM Logs Mail Network Software System Users iOS
6 12 18 2 3 34 2 3 4 27 12 7 35 62 59 5

Background/History

The ForensicArtifacts.com artifact repository was forked from the GRR project artifact collection into a stand-alone repository that is not tool-specific. The GRR developers have migrated to using this repository and make contributions here. In addition the ForensicArtifact team will begin backfilling artifacts in the new format from the ForensicArtifacts.com website.

For some background on the artifacts system and how we expect it to be used see this blackhat presentation and youtube video from the GRR team.

Contributing

Please send us your contribution! See the developers guide for instructions.

External links

Contact

forensicartifacts@googlegroups.com

You can’t perform that action at this time.