forensic-artifacts
A free, community-sourced, machine-readable knowledge base of forensic artifacts that serves as an information source and can be used within other tools. This package installs the data files alone, without the Python toolkit.
Description
forensic-artifacts provides a knowledge base of forensic artifacts in data file format. It is designed to serve both as an information source and for integration into other forensic tools. The package contains machine-readable data that the community contributes to, making it a valuable resource for digital forensics practitioners.
The tool is available in two packages: forensic-artifacts for the data files only (425 KB installed size) and python3-artifacts for the Python 3 toolkit (64 KB installed size). The Python package depends on python3, python3-pip, and python3-yaml, and provides programmatic access to the artifact knowledge base.
Use cases include referencing forensic artifacts during investigations, building custom forensic tools, and enhancing existing software with standardized artifact data.
How It Works
The tool operates as a static knowledge base of forensic artifacts stored in machine-readable data files, primarily in YAML format (hence the python3-yaml dependency). Each file catalogs artifacts from various operating systems and applications, so that other forensic tools or scripts can look up an artifact by name and integrate its definition. The Python 3 package provides programmatic interfaces to parse and use this data.
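What "lookup and integration" looks like in practice, as an added example that is not code from the forensic-artifacts project: the definitions below are constructed for illustration, but they mirror the structure of the project's YAML data files (a name, a doc string, a list of sources each with a type and attributes, and a supported_os list). With python3-yaml installed, `yaml.safe_load_all()` over one of the installed data files yields dictionaries of this same shape; the python3-artifacts toolkit does that loading and validation for you. The code builds a registry, checks that artifact groups only reference artifacts that exist, expands groups recursively (with a guard against a group that includes itself), filters by operating system, and substitutes `%%name%%` placeholders from a caller-supplied environment. The artifact names and the environment mapping are assumptions made for the example.

```python
"""Resolve ForensicArtifacts-style definitions into concrete collection targets.

Added example, not code from the forensic-artifacts project. The definitions
below are constructed; the real knowledge base ships as YAML data files whose
documents have exactly this layout.
"""
import re

# Constructed definitions mirroring the YAML layout.
DEFINITIONS = [
    {
        "name": "ExampleEventLogs",
        "doc": "Constructed: Windows event log files.",
        "sources": [{
            "type": "FILE",
            "attributes": {
                "paths": ["%%environ_systemroot%%\\System32\\winevt\\Logs\\*.evtx"],
                "separator": "\\",
            },
        }],
        "supported_os": ["Windows"],
    },
    {
        "name": "ExampleRunKeys",
        "doc": "Constructed: autorun entries under HKLM.",
        "sources": [{
            "type": "REGISTRY_KEY",
            "attributes": {
                "keys": ["HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\*"],
            },
        }],
        "supported_os": ["Windows"],
    },
    {
        "name": "ExampleShellHistory",
        "doc": "Constructed: per-user shell history.",
        "sources": [{
            "type": "FILE",
            "attributes": {"paths": ["%%users.homedir%%/.bash_history"]},
        }],
        "supported_os": ["Linux", "Darwin"],
    },
    {
        "name": "ExampleTriage",
        "doc": "Constructed: a group bundling the artifacts above.",
        "sources": [{
            "type": "ARTIFACT_GROUP",
            "attributes": {"names": ["ExampleEventLogs", "ExampleRunKeys", "ExampleShellHistory"]},
        }],
        "supported_os": ["Windows", "Linux", "Darwin"],
    },
]

# %%environ_systemroot%%, %%users.homedir%% and similar placeholders.
PARAMETER_RE = re.compile(r"%%([A-Za-z0-9_.]+)%%")


def build_registry(definitions):
    """Index definitions by name; reject duplicates and dangling group references."""
    registry = {}
    for definition in definitions:
        name = definition["name"]
        if name in registry:
            raise ValueError(f"duplicate artifact name: {name}")
        registry[name] = definition
    for definition in registry.values():
        for source in definition["sources"]:
            if source["type"] == "ARTIFACT_GROUP":
                for ref in source["attributes"]["names"]:
                    if ref not in registry:
                        raise ValueError(f"{definition['name']} references unknown artifact {ref}")
    return registry


def resolve(name, registry, target_os, visited=None):
    """Yield (artifact name, source) pairs for target_os, expanding groups recursively.

    The visited set both de-duplicates artifacts reached via several groups and
    stops a group that (indirectly) includes itself from recursing forever.
    """
    visited = visited if visited is not None else set()
    if name in visited:
        return
    visited.add(name)
    definition = registry[name]
    if target_os not in definition.get("supported_os", [target_os]):
        return
    for source in definition["sources"]:
        if source["type"] == "ARTIFACT_GROUP":
            for child in source["attributes"]["names"]:
                yield from resolve(child, registry, target_os, visited)
        else:
            yield definition["name"], source


def expand_parameters(target, environment):
    """Substitute %%name%% placeholders; unknown names are left for the collector to expand."""
    return PARAMETER_RE.sub(lambda m: environment.get(m.group(1), m.group(0)), target)


def collection_plan(name, registry, target_os, environment):
    """Flatten an artifact into (artifact, source type, expanded path-or-key) tuples."""
    plan = []
    for artifact_name, source in resolve(name, registry, target_os):
        attrs = source["attributes"]
        for target in attrs.get("paths", []) + attrs.get("keys", []):
            plan.append((artifact_name, source["type"], expand_parameters(target, environment)))
    return plan


if __name__ == "__main__":
    registry = build_registry(DEFINITIONS)
    for row in collection_plan("ExampleTriage", registry, "Windows", {"environ_systemroot": "C:\\Windows"}):
        print(row)
```

The OS filter and the group expansion are the two pieces a collector or detection tool actually needs from the knowledge base: the same top-level group name yields only Windows sources on a Windows host and only the shell-history source on Linux, and a placeholder the caller cannot resolve up front (here `%%users.homedir%%`) is passed through untouched so that the per-user enumeration can happen at collection time.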
Installation
sudo apt install forensic-artifacts
Examples
sudo apt install forensic-artifacts
sudo apt install python3-artifacts
apt show forensic-artifacts
apt show python3-artifacts
dpkg -L forensic-artifacts
python3 -c 'import artifacts'
pip3 install artifacts