The artifactcollector project provides software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers.
The artifactcollector offers the following features:
- 🖥️ Runs on 🖼️ Windows, 🐧 Linux and 🍏 macOS
- 🛍️ Can extract files, directories, registry entries, command and WMI output
- ⭐ Uses the configurable and extensible Forensics Artifacts
- 💾 Creates structured output
- 💻 Can run without admin/root rights
- 🕊️ It's open source
Download from https://github.com/forensicanalysis/artifactcollector/releases or

```bash
go get -u github.com/forensicanalysis/artifactcollector
```
For feedback, questions and discussions you can use the Open Source DFIR Slack.
The development of this software was partially sponsored by Siemens CERT, but is not an official Siemens product.