├── .github └── workflows │ ├── test_docker.yml │ ├── test_docs.yml │ └── test_tox.yml ├── .gitignore ├── .pylintrc ├── .readthedocs.yaml ├── .yamllint.yaml ├── ACKNOWLEDGEMENTS ├── AUTHORS ├── LICENSE ├── MANIFEST.in ├── README.md ├── appveyor.yml ├── artifacts.ini ├── artifacts ├── __init__.py ├── artifact.py ├── data │ ├── antivirus.yaml │ ├── applications.yaml │ ├── cloud_services.yaml │ ├── config_files.yaml │ ├── containerd.yaml │ ├── database_servers.yaml │ ├── docker.yaml │ ├── esxi.yaml │ ├── file_systems.yaml │ ├── hadoop.yaml │ ├── ics.yaml │ ├── installed_module_paths.yaml │ ├── installed_modules.yaml │ ├── instant_messaging.yaml │ ├── java.yaml │ ├── kaspersky_careto.yaml │ ├── kubernetes.yaml │ ├── legacy.yaml │ ├── linux.yaml │ ├── linux_proc.yaml │ ├── linux_services.yaml │ ├── macos.yaml │ ├── shell.yaml │ ├── tomcat.yaml │ ├── triage.yaml │ ├── unix_common.yaml │ ├── user.yaml │ ├── webbrowser.yaml │ ├── webservers.yaml │ ├── windows.yaml │ ├── windows_dll_hijacking.yaml │ └── wmi.yaml ├── definitions.py ├── errors.py ├── reader.py ├── registry.py ├── scripts │ ├── __init__.py │ ├── stats.py │ └── validator.py ├── source_type.py └── writer.py ├── config ├── appveyor │ ├── install.ps1 │ ├── install.sh │ └── runtests.sh └── dpkg │ ├── artifacts-data.dirs │ ├── artifacts-data.install │ ├── artifacts-tools.install │ ├── changelog │ ├── clean │ ├── compat │ ├── control │ ├── copyright │ ├── python3-artifacts.install │ ├── rules │ └── source │ └── format ├── dependencies.ini ├── docs ├── Artifacts definition format and style guide.asciidoc ├── conf.py ├── index.rst ├── requirements.txt └── sources │ ├── Format-specification.md │ ├── api │ ├── artifacts.rst │ ├── artifacts.scripts.rst │ └── modules.rst │ ├── background │ ├── Stats.md │ ├── Terminology.md │ └── index.rst │ └── user │ ├── Installation-instructions.md │ └── index.rst ├── pyproject.toml ├── run_tests.py ├── test_data ├── definitions.json └── definitions.yaml ├── test_dependencies.ini ├── tests ├── __init__.py ├── reader_test.py ├── registry_test.py ├── source_type_test.py ├── test_lib.py ├── validator_test.py └── writer_test.py ├── tox.ini └── utils ├── __init__.py ├── check_dependencies.py ├── dependencies.py ├── pylintrc └── update_release.sh /.github/workflows/test_docker.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.github/workflows/test_docker.yml -------------------------------------------------------------------------------- /.github/workflows/test_docs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.github/workflows/test_docs.yml -------------------------------------------------------------------------------- /.github/workflows/test_tox.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.github/workflows/test_tox.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.gitignore -------------------------------------------------------------------------------- /.pylintrc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.pylintrc -------------------------------------------------------------------------------- /.readthedocs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.readthedocs.yaml -------------------------------------------------------------------------------- /.yamllint.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/.yamllint.yaml -------------------------------------------------------------------------------- /ACKNOWLEDGEMENTS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/ACKNOWLEDGEMENTS -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/AUTHORS -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/README.md -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/appveyor.yml -------------------------------------------------------------------------------- /artifacts.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts.ini -------------------------------------------------------------------------------- /artifacts/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/__init__.py -------------------------------------------------------------------------------- /artifacts/artifact.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/artifact.py -------------------------------------------------------------------------------- /artifacts/data/antivirus.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/antivirus.yaml -------------------------------------------------------------------------------- /artifacts/data/applications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/applications.yaml -------------------------------------------------------------------------------- /artifacts/data/cloud_services.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/cloud_services.yaml -------------------------------------------------------------------------------- /artifacts/data/config_files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/config_files.yaml -------------------------------------------------------------------------------- /artifacts/data/containerd.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/containerd.yaml -------------------------------------------------------------------------------- /artifacts/data/database_servers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/database_servers.yaml -------------------------------------------------------------------------------- /artifacts/data/docker.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/docker.yaml -------------------------------------------------------------------------------- /artifacts/data/esxi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/esxi.yaml -------------------------------------------------------------------------------- /artifacts/data/file_systems.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/file_systems.yaml -------------------------------------------------------------------------------- /artifacts/data/hadoop.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/hadoop.yaml -------------------------------------------------------------------------------- /artifacts/data/ics.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/ics.yaml -------------------------------------------------------------------------------- /artifacts/data/installed_module_paths.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/installed_module_paths.yaml -------------------------------------------------------------------------------- /artifacts/data/installed_modules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/installed_modules.yaml -------------------------------------------------------------------------------- /artifacts/data/instant_messaging.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/instant_messaging.yaml -------------------------------------------------------------------------------- /artifacts/data/java.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/java.yaml -------------------------------------------------------------------------------- /artifacts/data/kaspersky_careto.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/kaspersky_careto.yaml -------------------------------------------------------------------------------- /artifacts/data/kubernetes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/kubernetes.yaml -------------------------------------------------------------------------------- /artifacts/data/legacy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/legacy.yaml -------------------------------------------------------------------------------- /artifacts/data/linux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/linux.yaml -------------------------------------------------------------------------------- /artifacts/data/linux_proc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/linux_proc.yaml -------------------------------------------------------------------------------- /artifacts/data/linux_services.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/linux_services.yaml -------------------------------------------------------------------------------- /artifacts/data/macos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/macos.yaml -------------------------------------------------------------------------------- /artifacts/data/shell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/shell.yaml -------------------------------------------------------------------------------- /artifacts/data/tomcat.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/tomcat.yaml -------------------------------------------------------------------------------- /artifacts/data/triage.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/triage.yaml -------------------------------------------------------------------------------- /artifacts/data/unix_common.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/unix_common.yaml -------------------------------------------------------------------------------- /artifacts/data/user.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/user.yaml -------------------------------------------------------------------------------- /artifacts/data/webbrowser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/webbrowser.yaml -------------------------------------------------------------------------------- /artifacts/data/webservers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/webservers.yaml -------------------------------------------------------------------------------- /artifacts/data/windows.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/windows.yaml -------------------------------------------------------------------------------- /artifacts/data/windows_dll_hijacking.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/windows_dll_hijacking.yaml -------------------------------------------------------------------------------- /artifacts/data/wmi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/data/wmi.yaml -------------------------------------------------------------------------------- /artifacts/definitions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/definitions.py -------------------------------------------------------------------------------- /artifacts/errors.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/errors.py -------------------------------------------------------------------------------- /artifacts/reader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/reader.py -------------------------------------------------------------------------------- /artifacts/registry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/registry.py -------------------------------------------------------------------------------- /artifacts/scripts/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | -------------------------------------------------------------------------------- /artifacts/scripts/stats.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/scripts/stats.py -------------------------------------------------------------------------------- /artifacts/scripts/validator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/scripts/validator.py -------------------------------------------------------------------------------- /artifacts/source_type.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/source_type.py -------------------------------------------------------------------------------- /artifacts/writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/artifacts/writer.py -------------------------------------------------------------------------------- /config/appveyor/install.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/appveyor/install.ps1 -------------------------------------------------------------------------------- /config/appveyor/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/appveyor/install.sh -------------------------------------------------------------------------------- /config/appveyor/runtests.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/appveyor/runtests.sh -------------------------------------------------------------------------------- /config/dpkg/artifacts-data.dirs: -------------------------------------------------------------------------------- 1 | /usr/share/artifacts 2 | -------------------------------------------------------------------------------- /config/dpkg/artifacts-data.install: -------------------------------------------------------------------------------- 1 | usr/share/artifacts 2 | -------------------------------------------------------------------------------- /config/dpkg/artifacts-tools.install: -------------------------------------------------------------------------------- 1 | usr/bin 2 | -------------------------------------------------------------------------------- /config/dpkg/changelog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/dpkg/changelog -------------------------------------------------------------------------------- /config/dpkg/clean: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/dpkg/clean -------------------------------------------------------------------------------- /config/dpkg/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /config/dpkg/control: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/dpkg/control -------------------------------------------------------------------------------- /config/dpkg/copyright: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/dpkg/copyright -------------------------------------------------------------------------------- /config/dpkg/python3-artifacts.install: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/dpkg/python3-artifacts.install -------------------------------------------------------------------------------- /config/dpkg/rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/config/dpkg/rules -------------------------------------------------------------------------------- /config/dpkg/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /dependencies.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/dependencies.ini -------------------------------------------------------------------------------- /docs/Artifacts definition format and style guide.asciidoc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/Artifacts definition format and style guide.asciidoc -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/conf.py -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/index.rst -------------------------------------------------------------------------------- /docs/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/requirements.txt -------------------------------------------------------------------------------- /docs/sources/Format-specification.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/Format-specification.md -------------------------------------------------------------------------------- /docs/sources/api/artifacts.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/api/artifacts.rst -------------------------------------------------------------------------------- /docs/sources/api/artifacts.scripts.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/api/artifacts.scripts.rst -------------------------------------------------------------------------------- /docs/sources/api/modules.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/api/modules.rst -------------------------------------------------------------------------------- /docs/sources/background/Stats.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/background/Stats.md -------------------------------------------------------------------------------- /docs/sources/background/Terminology.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/background/Terminology.md -------------------------------------------------------------------------------- /docs/sources/background/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/background/index.rst -------------------------------------------------------------------------------- /docs/sources/user/Installation-instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/user/Installation-instructions.md -------------------------------------------------------------------------------- /docs/sources/user/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/docs/sources/user/index.rst -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/pyproject.toml -------------------------------------------------------------------------------- /run_tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/run_tests.py -------------------------------------------------------------------------------- /test_data/definitions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/test_data/definitions.json -------------------------------------------------------------------------------- /test_data/definitions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/test_data/definitions.yaml -------------------------------------------------------------------------------- /test_dependencies.ini: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | -------------------------------------------------------------------------------- /tests/reader_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tests/reader_test.py -------------------------------------------------------------------------------- /tests/registry_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tests/registry_test.py -------------------------------------------------------------------------------- /tests/source_type_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tests/source_type_test.py -------------------------------------------------------------------------------- /tests/test_lib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tests/test_lib.py -------------------------------------------------------------------------------- /tests/validator_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tests/validator_test.py -------------------------------------------------------------------------------- /tests/writer_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tests/writer_test.py -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/tox.ini -------------------------------------------------------------------------------- /utils/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /utils/check_dependencies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/utils/check_dependencies.py -------------------------------------------------------------------------------- /utils/dependencies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/utils/dependencies.py -------------------------------------------------------------------------------- /utils/pylintrc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/utils/pylintrc -------------------------------------------------------------------------------- /utils/update_release.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ForensicArtifacts/artifacts/HEAD/utils/update_release.sh --------------------------------------------------------------------------------