Skip to content
ForensicArtifacts.com Artifact Repository
Python Shell Makefile
Branch: master
Clone or download
Pull request Compare This branch is 1 commit behind ForensicArtifacts:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
artifacts
config
data
docs
test_data
tests
tools
utils
.gitignore
.pylintrc
.style.yapf
.travis.yml
ACKNOWLEDGEMENTS
AUTHORS
LICENSE
MANIFEST.in
README
README.md
appveyor.yml
artifacts.ini
dependencies.ini
requirements.txt
run_tests.py
setup.cfg
setup.py
test_dependencies.ini
test_requirements.txt
tox.ini

README.md

Digital Forensics Artifact Repository

A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.

If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.

Project status

Travis-CI AppVeyor Codecov
Build Status Build status codecov

Artifact Definitions

The artifact definitions can be found in the data directory and the format is described in detail in the Style Guide.

As of 2019-06-10 the repository contains:

File paths covered 1013
Registry keys covered 635
Total artifacts 525

Artifacts by type

ARTIFACT_GROUP COMMAND DIRECTORY FILE PATH REGISTRY_KEY REGISTRY_VALUE WMI
21 9 14 283 8 50 114 26

Artifacts by OS

Darwin Linux Windows
33 25 23

Artifacts by label

Antivirus Authentication Browser Cloud Cloud Storage Configuration Files Docker External Media ExternalAccount Hadoop History Files Logs Mail Network Software System Users iOS
6 18 21 2 4 41 2 2 3 1 3 46 15 15 43 104 68 5

Background/History

The ForensicArtifacts.com artifact repository was forked from the GRR project artifact collection into a stand-alone repository that is not tool-specific. The GRR developers have migrated to using this repository and make contributions here. In addition the ForensicArtifact team will begin backfilling artifacts in the new format from the ForensicArtifacts.com website.

For some background on the artifacts system and how we expect it to be used see this blackhat presentation and youtube video from the GRR team.

Contributing

Please send us your contribution! See the developers guide for instructions.

External links

Contact

You can’t perform that action at this time.