The artifactcollector is headless software for collecting forensic artifacts on a system.
Latest commit 3df9b72 Jan 18, 2020


artifactcollector

The artifactcollector project provides software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers.

Features

The artifactcollector offers the following features:

  • 🖥️ Runs on 🖼️ Windows, 🐧 Linux and 🍏 macOS
  • 🛍️ Can extract files, directories, registry entries, command and WMI output.
  • ⭐ Uses the configurable and extensible Forensics Artifacts
  • 💾 Creates structured output
  • 💻 Can run without admin/root rights
  • 🕊️ It's open source

Installation

Download from https://github.com/forensicanalysis/artifactcollector/releases or

go get -u github.com/forensicanalysis/artifactcollector

Contact

For feedback, questions and discussions you can use the Open Source DFIR Slack.

Acknowledgment

The development of this software was partially sponsored by Siemens CERT, but is not an official Siemens product.
