Worked on artifact definition naming convention (#488)

ForensicArtifacts · Mar 13, 2022 · 90fbb35 · 90fbb35
1 parent c05f685
commit 90fbb35
Show file tree

Hide file tree

Showing 10 changed files with 316 additions and 312 deletions.
diff --git a/artifacts/__init__.py b/artifacts/__init__.py
@@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 """ForensicArtifacts.com Artifact Repository."""
 
-__version__ = '20220312'
+__version__ = '20220313'
diff --git a/config/dpkg/changelog b/config/dpkg/changelog
@@ -1,5 +1,5 @@
-artifacts (20220312-1) unstable; urgency=low
+artifacts (20220313-1) unstable; urgency=low
 
   * Auto-generated
 
- -- Forensic artifacts <forensicartifacts@googlegroups.com>  Sat, 12 Mar 2022 09:10:59 +0100
+ -- Forensic artifacts <forensicartifacts@googlegroups.com>  Sun, 13 Mar 2022 12:22:59 +0100
diff --git a/data/legacy.yaml b/data/legacy.yaml
@@ -190,66 +190,3 @@ sources:
 provides: [time_zone]
 supported_os: [Windows]
 urls: ['https://github.com/libyal/winreg-kb/blob/main/documentation/Time%20zone%20keys.asciidoc']
----
-name: ChromeHistory
-doc: Chrome browser history.
-sources:
-- type: FILE
-  attributes:
-    paths:
-    - '%%users.localappdata%%\Chromium\User Data\*\Archived History'
-    - '%%users.localappdata%%\Chromium\User Data\*\Archived History-journal'
-    - '%%users.localappdata%%\Chromium\User Data\*\History'
-    - '%%users.localappdata%%\Chromium\User Data\*\History-journal'
-    - '%%users.localappdata%%\Google\Chrome SxS\User Data\*\Archived History'
-    - '%%users.localappdata%%\Google\Chrome SxS\User Data\*\Archived History-journal'
-    - '%%users.localappdata%%\Google\Chrome SxS\User Data\*\History'
-    - '%%users.localappdata%%\Google\Chrome SxS\User Data\*\History-journal'
-    - '%%users.localappdata%%\Google\Chrome\User Data\*\Archived History'
-    - '%%users.localappdata%%\Google\Chrome\User Data\*\Archived History-journal'
-    - '%%users.localappdata%%\Google\Chrome\User Data\*\History'
-    - '%%users.localappdata%%\Google\Chrome\User Data\*\History-journal'
-    separator: '\'
-  supported_os: [Windows]
-- type: FILE
-  attributes:
-    paths:
-    - '%%users.homedir%%/Library/Application Support/Chromium/*/Archived History'
-    - '%%users.homedir%%/Library/Application Support/Chromium/*/Archived History-journal'
-    - '%%users.homedir%%/Library/Application Support/Chromium/*/History'
-    - '%%users.homedir%%/Library/Application Support/Chromium/*/History-journal'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome Canary/*/Archived History'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome Canary/*/Archived History-journal'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome Canary/*/History'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome Canary/*/History-journal'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome/*/Archived History'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome/*/Archived History-journal'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome/*/History'
-    - '%%users.homedir%%/Library/Application Support/Google/Chrome/*/History-journal'
-  supported_os: [Darwin]
-- type: FILE
-  attributes:
-    paths:
-    - '%%users.homedir%%/.config/chromium/*/Archived History'
-    - '%%users.homedir%%/.config/chromium/*/Archived History-journal'
-    - '%%users.homedir%%/.config/chromium/*/History'
-    - '%%users.homedir%%/.config/chromium/*/History-journal'
-    - '%%users.homedir%%/.config/google-chrome/*/Archived History'
-    - '%%users.homedir%%/.config/google-chrome/*/Archived History-journal'
-    - '%%users.homedir%%/.config/google-chrome/*/History'
-    - '%%users.homedir%%/.config/google-chrome/*/History-journal'
-    - '%%users.homedir%%/.config/google-chrome-beta/*/Archived History'
-    - '%%users.homedir%%/.config/google-chrome-beta/*/Archived History-journal'
-    - '%%users.homedir%%/.config/google-chrome-beta/*/History'
-    - '%%users.homedir%%/.config/google-chrome-beta/*/History-journal'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-profile/*/Archived History'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-profile/*/Archived History-journal'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-profile/*/History'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-profile/*/History-journal'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-config/google-chrome/*/Archived History'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-config/google-chrome/*/Archived History-journal'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-config/google-chrome/*/History'
-    - '%%users.homedir%%/.config/chrome-remote-desktop/chrome-config/google-chrome/*/History-journal'
-  supported_os: [Linux]
-supported_os: [Darwin, Linux, Windows]
-urls: ['https://forensicswiki.xyz/wiki/index.php?title=Google_Chrome']
diff --git a/data/macos.yaml b/data/macos.yaml
@@ -664,14 +664,6 @@ sources:
 supported_os: [Darwin]
 urls: ['https://forensicswiki.xyz/wiki/index.php?title=Mac_OS_X_10.9_-_Artifacts_Location#User_Directories']
 ---
-name: MacOSUserDownloadsDirectory
-doc: Contents of the user Downloads directories.
-sources:
-- type: PATH
-  attributes: {paths: ['%%users.homedir%%/Downloads/*']}
-supported_os: [Darwin]
-urls: ['https://forensicswiki.xyz/wiki/index.php?title=Mac_OS_X_10.9_-_Artifacts_Location#User_Directories']
----
 name: MacOSUserGlobalPreferencesPlistFile
 aliases: [MacOSUserGlobalPreferences]
 doc: User global preferences property list (plist) file.
@@ -760,16 +752,6 @@ sources:
 supported_os: [Darwin]
 urls: ['https://forensicswiki.xyz/wiki/index.php?title=Mac_OS_X_10.9_-_Artifacts_Location#User_Directories']
 ---
-name: MacOSUsersDirectory
-aliases: [MacOSUsers]
-doc: Contents of the Users directory.
-sources:
-- type: PATH
-  attributes: {paths: ['/Users/*']}
-supported_os: [Darwin]
-provides: [users.username]
-urls: ['https://forensicswiki.xyz/wiki/index.php?title=Mac_OS_X_10.9_-_Artifacts_Location#Users']
----
 name: MacOSUserSocialAccounts
 doc: User's Social Accounts
 sources:

diff --git a/data/shell.yaml b/data/shell.yaml
@@ -0,0 +1,280 @@
+# Shell user-interface artifact definitions.
+---
+name: BashShellConfigurationFile
+doc: Bourne Again shell (bash) configuration files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.bash_logout'
+    - '%%users.homedir%%/.bash_profile'
+    - '%%users.homedir%%/.bashrc'
+    - '/etc/bash.bashrc'
+    - '/etc/bashrc'
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths:
+    - '/private/etc/bash.bashrc'
+    - '/private/etc/bashrc'
+  supported_os: [Darwin]
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.bash_logout'
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.bash_profile'
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.bashrc'
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://forensicswiki.xyz/wiki/index.php?title=Bash_shell']
+---
+name: BashShellHistoryFile
+aliases: [MacOSBashHistory]
+doc: Bourne Again shell (bash) history files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.bash_history'
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.bash_history']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://forensicswiki.xyz/wiki/index.php?title=Bash_shell']
+---
+name: BashShellSessionFile
+aliases: [MacOSBashSessions]
+doc: Bourne Again shell (bash) session files.
+sources:
+- type: FILE
+  attributes: {paths: ['%%users.homedir%%/.bash_sessions/*']}
+supported_os: [Darwin]
+urls: ['https://forensicswiki.xyz/wiki/index.php?title=Bash_shell']
+---
+name: BourneShellHistoryFile
+doc: Bourne shell (sh) history files.
+sources:
+- type: FILE
+  attributes: {paths: ['%%users.homedir%%/.sh_history']}
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.sh_history']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://en.wikipedia.org/wiki/Bourne_shell']
+---
+name: CShellConfigurationFile
+doc: C shell (csh) configuration files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.cshrc'
+    - '/etc/csh.cshrc'
+    - '/etc/csh.login'
+    - '/etc/csh.logout'
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths:
+    - '/private/etc/csh.cshrc'
+    - '/private/etc/csh.login'
+    - '/private/etc/csh.logout'
+  supported_os: [Darwin]
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.cshrc']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://en.wikipedia.org/wiki/C_shell']
+---
+name: KornShellConfigurationFile
+doc: KornShell (ksh) configuration files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.ksh'
+    - '/etc/kshrc'
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths:
+    - '/private/etc/kshrc'
+  supported_os: [Darwin]
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.ksh']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://en.wikipedia.org/wiki/KornShell']
+---
+name: RootUserShellConfigs
+doc: Common Unix root shell configuration files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '/root/.bash_logout'
+    - '/root/.bash_profile'
+    - '/root/.bashrc'
+    - '/root/.cshrc'
+    - '/root/.ksh'
+    - '/root/.logout'
+    - '/root/.profile'
+    - '/root/.tcsh'
+    - '/root/.zlogin'
+    - '/root/.zlogout'
+    - '/root/.zprofile'
+supported_os: [Darwin, Linux]
+---
+name: RootUserShellHistory
+doc: Common Unix root shell history files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '/root/.bash_history'
+    - '/root/.sh_history'
+    - '/root/.zhistory'
+    - '/root/.zsh_history'
+supported_os: [Darwin, Linux]
+---
+name: ShellConfigurationFile
+aliases: [AllShellConfigs, GlobalShellConfigs, UsersShellConfigs]
+doc: Group of shell configuration files.
+sources:
+- type: ARTIFACT_GROUP
+  attributes:
+    names:
+    - 'BashShellConfigurationFile'
+    - 'CShellConfigurationFile'
+    - 'KornShellConfigurationFile'
+    - 'ShellLogoutFile'
+    - 'ShellProfileFile'
+    - 'TeeShellConfigurationFile'
+    - 'ZShellConfigurationFile'
+supported_os: [Darwin, Linux, Windows]
+---
+name: ShellHistoryFile
+aliases: [AllUsersShellHistory, UserShellHistory]
+doc: Group of shell history files.
+sources:
+- type: ARTIFACT_GROUP
+  attributes:
+    names:
+    - 'BashShellHistoryFile'
+    - 'BourneShellHistoryFile'
+    - 'ZShellHistoryFile'
+supported_os: [Darwin, Linux, Windows]
+---
+name: ShellLogoutFile
+doc: Shell logout file.
+sources:
+- type: FILE
+  attributes: {paths: ['%%users.homedir%%/.logout']}
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.logout']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+---
+name: ShellProfileFile
+doc: Shell profile file.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.profile'
+    - '/etc/profile'
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes: {paths: ['/private/etc/profile']}
+  supported_os: [Darwin]
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.profile']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+---
+name: TeeShellConfigurationFile
+doc: Tee shell (tcsh) configuration files.
+sources:
+- type: FILE
+  attributes: {paths: ['%%users.homedir%%/.tcsh']}
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths: ['%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.tcsh']
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://en.wikipedia.org/wiki/Tcsh']
+---
+name: ZShellConfigurationFile
+doc: Z shell (zsh) configuration files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.zlogin'
+    - '%%users.homedir%%/.zlogout'
+    - '%%users.homedir%%/.zprofile'
+    - '/etc/zshenv'
+    - '/etc/zshrc'
+    - '/etc/zsh/zlogin'
+    - '/etc/zsh/zlogout'
+    - '/etc/zsh/zprofile'
+    - '/etc/zsh/zshenv'
+    - '/etc/zsh/zshrc'
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths:
+    - '/private/etc/zshenv'
+    - '/private/etc/zshrc'
+    - '/private/etc/zsh/zlogin'
+    - '/private/etc/zsh/zlogout'
+    - '/private/etc/zsh/zprofile'
+    - '/private/etc/zsh/zshenv'
+    - '/private/etc/zsh/zshrc'
+  supported_os: [Darwin]
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.zlogin'
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.zlogout'
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.zprofile'
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://en.wikipedia.org/wiki/Z_shell']
+---
+name: ZShellHistoryFile
+doc: Z shell (zsh) history files.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/.zhistory'
+    - '%%users.homedir%%/.zsh_history'
+  supported_os: [Darwin, Linux]
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.zhistory'
+    - '%%users.localappdata%%\Packages\*\LocalState\rootfs\home\*\.zsh_history'
+    separator: '\'
+  supported_os: [Windows]
+supported_os: [Darwin, Linux, Windows]
+urls: ['https://en.wikipedia.org/wiki/Z_shell']