GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects â†’ forensicanalysis â†’ Artifacts

forensicanalysis / Artifacts

Licence: apache-2.0
📇 Digital Forensics Artifact Repository (forensicanalysis edition)

Labels

dfirdigital-forensics

Projects that are alternatives of or similar to Artifacts

Memlabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+3214.29%)
Mutual labels:  dfir, digital-forensics
Dfirtrack
DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+1004.76%)
Mutual labels:  dfir, digital-forensics
Thehive4py
Python API Client for TheHive
Stars: ✭ 143 (+580.95%)
Mutual labels:  dfir, digital-forensics
Thehivedocs
Documentation of TheHive
Stars: ✭ 353 (+1580.95%)
Mutual labels:  dfir, digital-forensics
catalyst
Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+333.33%)
Mutual labels:  dfir, digital-forensics
Awesome Forensics
A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+8352.38%)
Mutual labels:  dfir, digital-forensics
Linuxforensics
Everything related to Linux Forensics
Stars: ✭ 189 (+800%)
Mutual labels:  dfir, digital-forensics
Beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+4547.62%)
Mutual labels:  dfir, digital-forensics
MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+323.81%)
Mutual labels:  dfir, digital-forensics
INDXRipper
Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+52.38%)
Mutual labels:  dfir, digital-forensics
Forensic Tools
CIRCL system forensic tools or a jumble of tools to support forensic
Stars: ✭ 27 (+28.57%)
Mutual labels:  dfir, digital-forensics
Kuiper
Digital Forensics Investigation Platform
Stars: ✭ 257 (+1123.81%)
Mutual labels:  dfir, digital-forensics
Thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+10852.38%)
Mutual labels:  dfir, digital-forensics
Cortex Analyzers
Cortex Analyzers Repository
Stars: ✭ 246 (+1071.43%)
Mutual labels:  dfir, digital-forensics
artifactcollector
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+566.67%)
Mutual labels:  dfir, digital-forensics
Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+3119.05%)
Mutual labels:  dfir, digital-forensics
Cyberchef Recipes
A list of cyber-chef recipes and curated links
Stars: ✭ 619 (+2847.62%)
Mutual labels:  dfir
Swap digger
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Stars: ✭ 354 (+1585.71%)
Mutual labels:  dfir
Mac apt
macOS Artifact Parsing Tool
Stars: ✭ 329 (+1466.67%)
Mutual labels:  dfir
Hindsight
Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+2704.76%)
Mutual labels:  dfir
View All Similar Projects âž”

Digital Forensics Artifact Repository (forensicanalysis edition)

The repository is a fork of ForensicArtifacts/artifacts: More information

A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.

If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.

Artifact Definitions

The artifact definition format is described in detail in the Style Guide.

As of 2021-01-22 the repository contains:

Artifact definition by type

ARTIFACT GROUP COMMAND DIRECTORY FILE PATH REGISTRY KEY REGISTRY VALUE WMI
36 9 15 318 20 64 124 26

Artifact definition by OS

DARWIN LINUX WINDOWS
146 132 326

Artifact definition by label

ANTIVIRUS AUTHENTICATION BROWSER CLOUD CLOUD STORAGE CONFIGURATION FILES DOCKER EXTERNAL MEDIA EXTERNALACCOUNT HADOOP HISTORY FILES LOGS MAIL NETWORK SOFTWARE SYSTEM USERS IOS
6 19 28 2 4 46 2 2 3 1 3 48 16 18 43 116 77 5

Background/History

The repository is a fork of https://github.com/ForensicArtifacts/artifacts with the following changes:

  • conditions are ignored as they have some issues (#274)
  • provides on the artifact definition are deprecated, as they do not enable extraction of parameters without further parsing information
  • provides on source level are added to enable extraction of parameters
  • All source types are distinctly defined, including the DIRECTORY type (#286).
  • Parameter expansion and globing is defined, including ** (#342).
  • Inconsistent trailing \* in REGISTRY_KEYs are removed (#255).
  • Validate path separators (#265).
  • More validations, smaller documentation fixes (#23), ...

See Updated Style Guide

The ForensicArtifacts.com artifact repository was forked from the GRR project artifact collection into a stand-alone repository that is not tool-specific. The GRR developers have migrated to using this repository and make contributions here. In addition the ForensicArtifact team will begin backfilling artifacts in the new format from the ForensicArtifacts.com website.

For some background on the artifacts system and how we expect it to be used see this blackhat presentation and youtube video from the GRR team.

Contributing

Please send us your contribution!

External links

Contact

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].