The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers.
The artifactcollector offers the following features
git clone https://github.com/forensicanalysis/artifactcollector
cd artifactcollector
go install .
If you want to extract the raw artifacts or process the collected data have a look.
git clone https://github.com/forensicanalysis/artifactcollector
.go generate
to download all artifacts.pack/artifacts
. Do not edit the artifact definitions, as they will be overwritten.pack/ac.yaml
and add the artifacts you want to collect.go generate
. This might yield some errors or problems in your artifacts.cp resources\artifactcollector.syso .
) to enable the icon for the executable and the UAC popup.go build .
to generates an executable.Binaries can be added to pack/bin
and than included into the artifactcollector in the go generate
step. Additionally a corresponding COMMAND artifact like the following is required.
name: Autoruns
sources:
- type: COMMAND
attributes:
cmd: autorunsc.exe
args: ["-x"]
supported_os: [Windows]
Currently the output to stdout and stderr is saved, but generated files are not collected.
Cross compilation is a bit more difficult, as a cross compiler like MinGW is required by CGO.
Example cross compilation for Windows:
CGO_ENABLED=1 CC=i686-w64-mingw32-gcc GOOS=windows GOARCH=386 go build .
CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc GOOS=windows GOARCH=amd64 go build .
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…