The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers.
The artifactcollector offers the following features
git clone https://github.com/forensicanalysis/artifactcollector
cd artifactcollector
go install .
If you want to extract the raw artifacts or process the collected data have a look.
git clone https://github.com/forensicanalysis/artifactcollector
.go generate
to download all artifacts.pack/artifacts
. Do not edit the artifact definitions, as they will be overwritten.pack/ac.yaml
and add the artifacts you want to collect.go generate
. This might yield some errors or problems in your artifacts.cp resources\artifactcollector.syso .
) to enable the icon for the executable and the UAC popup.go build .
to generates an executable.Binaries can be added to pack/bin
and than included into the artifactcollector in the go generate
step. Additionally a corresponding COMMAND artifact like the following is required.
name: Autoruns
sources:
- type: COMMAND
attributes:
cmd: autorunsc.exe
args: ["-x"]
supported_os: [Windows]
Currently the output to stdout and stderr is saved, but generated files are not collected.
Cross compilation is a bit more difficult, as a cross compiler like MinGW is required by CGO.
Example cross compilation for Windows:
CGO_ENABLED=1 CC=i686-w64-mingw32-gcc GOOS=windows GOARCH=386 go build .
CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc GOOS=windows GOARCH=amd64 go build .
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…