├── .github └── workflows │ └── ci.yml ├── .gitignore ├── .golangci.yml ├── LICENSE ├── LICENSE-BSD ├── Makefile ├── README.md ├── artifacts ├── artifactcollector.go ├── artifactcollector_test.go ├── artifactdefinition.go ├── decoding.go ├── decoding_test.go ├── expansion.go ├── expansion_test.go ├── expansion_unix_test.go ├── expansion_windows_test.go ├── filter.go └── filter_test.go ├── assets ├── artifacts.generated.go ├── bin.generated.go └── config.generated.go ├── collect ├── collect.go ├── collect_test.go ├── createstore.go ├── log.go └── run.go ├── collector ├── collector.go ├── collector_test.go ├── configuration.go ├── file.go ├── file_test.go ├── process.go ├── process_test.go ├── registry_windows.go ├── registrydummy_unix.go ├── resolve.go ├── resolve_test.go ├── types.go ├── wmi.go ├── wmi_unix.go ├── wmi_windows.go └── wmi_windows_test.go ├── config ├── ac.yaml └── artifacts │ ├── README.md │ ├── collections.yaml │ ├── linux.yaml │ ├── macos.yaml │ ├── style_guide.md │ ├── webbrowser.yaml │ ├── windows.yaml │ ├── windows_logs.yaml │ ├── windows_persistence.yaml │ └── windows_usb.yaml ├── docs └── ac.png ├── doublestar ├── LICENSE ├── README.md ├── doublestar.go ├── doublestar_test.go └── example_test.go ├── go.mod ├── go.sum ├── main.go ├── store ├── aczip │ ├── example_test.go │ ├── extra.go │ ├── extra_test.go │ ├── struct.go │ ├── testdata │ │ └── readme.zip │ ├── writer.go │ ├── writer_test.go │ └── zip_test.go └── zipstore.go ├── test └── artifacts │ ├── collect_1.yaml │ ├── collect_2.yaml │ ├── collect_3.yaml │ ├── collect_4.yaml │ ├── collect_5.yaml │ ├── collect_6.yaml │ ├── invalid │ ├── artifact_os.yaml │ ├── attributes_1.yaml │ ├── attributes_10.yaml │ ├── attributes_11.yaml │ ├── attributes_12.yaml │ ├── attributes_13.yaml │ ├── attributes_14.yaml │ ├── attributes_15.yaml │ ├── attributes_16.yaml │ ├── attributes_2.yaml │ ├── attributes_3.yaml │ ├── attributes_4.yaml │ ├── attributes_5.yaml │ ├── attributes_6.yaml │ ├── attributes_7.yaml │ ├── attributes_8.yaml │ ├── attributes_9.yaml │ ├── custom.yaml │ ├── deprecated_vars.yaml │ ├── doc_long.yaml │ ├── ending.yml │ ├── file_1.yaml │ ├── file_2.yaml │ ├── file_3.yaml │ ├── group_member_exist.yaml │ ├── linux_name_prefix_1.yaml │ ├── mac_os_double_path_1.yaml │ ├── mac_os_double_path_2.yaml │ ├── macos_name_prefix_2.yaml │ ├── name_case_1.yaml │ ├── name_case_2.yaml │ ├── name_type_suffix_1.yaml │ ├── name_type_suffix_2.yaml │ ├── name_unique.yaml │ ├── no_cycles_1.yaml │ ├── no_cycles_2.yaml │ ├── no_windows_homedir.yaml │ ├── not_provided_1.yaml │ ├── not_provided_2.yaml │ ├── registry_current_control_set_1.yaml │ ├── registry_current_control_set_2.yaml │ ├── registry_hkey_current_user_1.yaml │ ├── registry_hkey_current_user_2.yaml │ ├── registry_key_unique.yaml │ ├── registry_value_unique.yaml │ ├── source_os.yaml │ ├── source_type.yaml │ ├── windows_name_prefix_3.yaml │ ├── windows_os_specific_1.yaml │ └── windows_os_specific_2.yaml │ ├── linux_test.yaml │ ├── macos_test.yaml │ ├── valid │ ├── double_star.yaml │ ├── mac_os_double_path_3.yaml │ ├── mac_os_double_path_4.yaml │ ├── name_type_suffix_3.yaml │ ├── processing.yaml │ └── valid.yaml │ └── windows_test.yaml └── tools ├── artifactvalidator ├── main.go ├── main_test.go ├── validator.go └── validator_test.go ├── go.mod ├── go.sum ├── resources ├── LICENSE ├── README.md ├── cmd.go ├── resources.go ├── resources_test.go └── testdata │ ├── 12.bin │ ├── 123.bin │ ├── patrick.txt │ ├── query.sql │ └── test.txt └── yaml2go └── main.go /.github/workflows/ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/.github/workflows/ci.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/.golangci.yml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/LICENSE -------------------------------------------------------------------------------- /LICENSE-BSD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/LICENSE-BSD -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/README.md -------------------------------------------------------------------------------- /artifacts/artifactcollector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/artifactcollector.go -------------------------------------------------------------------------------- /artifacts/artifactcollector_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/artifactcollector_test.go -------------------------------------------------------------------------------- /artifacts/artifactdefinition.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/artifactdefinition.go -------------------------------------------------------------------------------- /artifacts/decoding.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/decoding.go -------------------------------------------------------------------------------- /artifacts/decoding_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/decoding_test.go -------------------------------------------------------------------------------- /artifacts/expansion.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/expansion.go -------------------------------------------------------------------------------- /artifacts/expansion_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/expansion_test.go -------------------------------------------------------------------------------- /artifacts/expansion_unix_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/expansion_unix_test.go -------------------------------------------------------------------------------- /artifacts/expansion_windows_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/expansion_windows_test.go -------------------------------------------------------------------------------- /artifacts/filter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/filter.go -------------------------------------------------------------------------------- /artifacts/filter_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/artifacts/filter_test.go -------------------------------------------------------------------------------- /assets/artifacts.generated.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/assets/artifacts.generated.go -------------------------------------------------------------------------------- /assets/bin.generated.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/assets/bin.generated.go -------------------------------------------------------------------------------- /assets/config.generated.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/assets/config.generated.go -------------------------------------------------------------------------------- /collect/collect.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collect/collect.go -------------------------------------------------------------------------------- /collect/collect_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collect/collect_test.go -------------------------------------------------------------------------------- /collect/createstore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collect/createstore.go -------------------------------------------------------------------------------- /collect/log.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collect/log.go -------------------------------------------------------------------------------- /collect/run.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collect/run.go -------------------------------------------------------------------------------- /collector/collector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/collector.go -------------------------------------------------------------------------------- /collector/collector_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/collector_test.go -------------------------------------------------------------------------------- /collector/configuration.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/configuration.go -------------------------------------------------------------------------------- /collector/file.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/file.go -------------------------------------------------------------------------------- /collector/file_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/file_test.go -------------------------------------------------------------------------------- /collector/process.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/process.go -------------------------------------------------------------------------------- /collector/process_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/process_test.go -------------------------------------------------------------------------------- /collector/registry_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/registry_windows.go -------------------------------------------------------------------------------- /collector/registrydummy_unix.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/registrydummy_unix.go -------------------------------------------------------------------------------- /collector/resolve.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/resolve.go -------------------------------------------------------------------------------- /collector/resolve_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/resolve_test.go -------------------------------------------------------------------------------- /collector/types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/types.go -------------------------------------------------------------------------------- /collector/wmi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/wmi.go -------------------------------------------------------------------------------- /collector/wmi_unix.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/wmi_unix.go -------------------------------------------------------------------------------- /collector/wmi_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/wmi_windows.go -------------------------------------------------------------------------------- /collector/wmi_windows_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/collector/wmi_windows_test.go -------------------------------------------------------------------------------- /config/ac.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/ac.yaml -------------------------------------------------------------------------------- /config/artifacts/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/README.md -------------------------------------------------------------------------------- /config/artifacts/collections.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/collections.yaml -------------------------------------------------------------------------------- /config/artifacts/linux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/linux.yaml -------------------------------------------------------------------------------- /config/artifacts/macos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/macos.yaml -------------------------------------------------------------------------------- /config/artifacts/style_guide.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/style_guide.md -------------------------------------------------------------------------------- /config/artifacts/webbrowser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/webbrowser.yaml -------------------------------------------------------------------------------- /config/artifacts/windows.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/windows.yaml -------------------------------------------------------------------------------- /config/artifacts/windows_logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/windows_logs.yaml -------------------------------------------------------------------------------- /config/artifacts/windows_persistence.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/windows_persistence.yaml -------------------------------------------------------------------------------- /config/artifacts/windows_usb.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/config/artifacts/windows_usb.yaml -------------------------------------------------------------------------------- /docs/ac.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/docs/ac.png -------------------------------------------------------------------------------- /doublestar/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/doublestar/LICENSE -------------------------------------------------------------------------------- /doublestar/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/doublestar/README.md -------------------------------------------------------------------------------- /doublestar/doublestar.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/doublestar/doublestar.go -------------------------------------------------------------------------------- /doublestar/doublestar_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/doublestar/doublestar_test.go -------------------------------------------------------------------------------- /doublestar/example_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/doublestar/example_test.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/go.sum -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/main.go -------------------------------------------------------------------------------- /store/aczip/example_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/example_test.go -------------------------------------------------------------------------------- /store/aczip/extra.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/extra.go -------------------------------------------------------------------------------- /store/aczip/extra_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/extra_test.go -------------------------------------------------------------------------------- /store/aczip/struct.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/struct.go -------------------------------------------------------------------------------- /store/aczip/testdata/readme.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/testdata/readme.zip -------------------------------------------------------------------------------- /store/aczip/writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/writer.go -------------------------------------------------------------------------------- /store/aczip/writer_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/writer_test.go -------------------------------------------------------------------------------- /store/aczip/zip_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/aczip/zip_test.go -------------------------------------------------------------------------------- /store/zipstore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/store/zipstore.go -------------------------------------------------------------------------------- /test/artifacts/collect_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/collect_1.yaml -------------------------------------------------------------------------------- /test/artifacts/collect_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/collect_2.yaml -------------------------------------------------------------------------------- /test/artifacts/collect_3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/collect_3.yaml -------------------------------------------------------------------------------- /test/artifacts/collect_4.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/collect_4.yaml -------------------------------------------------------------------------------- /test/artifacts/collect_5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/collect_5.yaml -------------------------------------------------------------------------------- /test/artifacts/collect_6.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/collect_6.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/artifact_os.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/artifact_os.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_10.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_10.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_11.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_11.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_12.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_12.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_13.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_13.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_14.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_14.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_15.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_15.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_16.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_16.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_3.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_4.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_4.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_5.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_6.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_6.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_7.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_7.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_8.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_8.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/attributes_9.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/attributes_9.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/custom.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/custom.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/deprecated_vars.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/deprecated_vars.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/doc_long.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/doc_long.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/ending.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/ending.yml -------------------------------------------------------------------------------- /test/artifacts/invalid/file_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/file_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/file_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/file_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/file_3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/file_3.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/group_member_exist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/group_member_exist.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/linux_name_prefix_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/linux_name_prefix_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/mac_os_double_path_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/mac_os_double_path_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/mac_os_double_path_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/mac_os_double_path_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/macos_name_prefix_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/macos_name_prefix_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/name_case_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/name_case_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/name_case_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/name_case_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/name_type_suffix_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/name_type_suffix_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/name_type_suffix_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/name_type_suffix_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/name_unique.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/name_unique.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/no_cycles_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/no_cycles_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/no_cycles_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/no_cycles_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/no_windows_homedir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/no_windows_homedir.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/not_provided_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/not_provided_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/not_provided_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/not_provided_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/registry_current_control_set_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/registry_current_control_set_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/registry_current_control_set_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/registry_current_control_set_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/registry_hkey_current_user_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/registry_hkey_current_user_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/registry_hkey_current_user_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/registry_hkey_current_user_2.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/registry_key_unique.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/registry_key_unique.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/registry_value_unique.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/registry_value_unique.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/source_os.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/source_os.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/source_type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/source_type.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/windows_name_prefix_3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/windows_name_prefix_3.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/windows_os_specific_1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/windows_os_specific_1.yaml -------------------------------------------------------------------------------- /test/artifacts/invalid/windows_os_specific_2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/invalid/windows_os_specific_2.yaml -------------------------------------------------------------------------------- /test/artifacts/linux_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/linux_test.yaml -------------------------------------------------------------------------------- /test/artifacts/macos_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/macos_test.yaml -------------------------------------------------------------------------------- /test/artifacts/valid/double_star.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/valid/double_star.yaml -------------------------------------------------------------------------------- /test/artifacts/valid/mac_os_double_path_3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/valid/mac_os_double_path_3.yaml -------------------------------------------------------------------------------- /test/artifacts/valid/mac_os_double_path_4.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/valid/mac_os_double_path_4.yaml -------------------------------------------------------------------------------- /test/artifacts/valid/name_type_suffix_3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/valid/name_type_suffix_3.yaml -------------------------------------------------------------------------------- /test/artifacts/valid/processing.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/valid/processing.yaml -------------------------------------------------------------------------------- /test/artifacts/valid/valid.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/valid/valid.yaml -------------------------------------------------------------------------------- /test/artifacts/windows_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/test/artifacts/windows_test.yaml -------------------------------------------------------------------------------- /tools/artifactvalidator/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/artifactvalidator/main.go -------------------------------------------------------------------------------- /tools/artifactvalidator/main_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/artifactvalidator/main_test.go -------------------------------------------------------------------------------- /tools/artifactvalidator/validator.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/artifactvalidator/validator.go -------------------------------------------------------------------------------- /tools/artifactvalidator/validator_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/artifactvalidator/validator_test.go -------------------------------------------------------------------------------- /tools/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/go.mod -------------------------------------------------------------------------------- /tools/go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/go.sum -------------------------------------------------------------------------------- /tools/resources/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/LICENSE -------------------------------------------------------------------------------- /tools/resources/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/README.md -------------------------------------------------------------------------------- /tools/resources/cmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/cmd.go -------------------------------------------------------------------------------- /tools/resources/resources.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/resources.go -------------------------------------------------------------------------------- /tools/resources/resources_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/resources_test.go -------------------------------------------------------------------------------- /tools/resources/testdata/12.bin: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /tools/resources/testdata/123.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/testdata/123.bin -------------------------------------------------------------------------------- /tools/resources/testdata/patrick.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/testdata/patrick.txt -------------------------------------------------------------------------------- /tools/resources/testdata/query.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/resources/testdata/query.sql -------------------------------------------------------------------------------- /tools/resources/testdata/test.txt: -------------------------------------------------------------------------------- 1 | this is test.txt 2 | -------------------------------------------------------------------------------- /tools/yaml2go/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forensicanalysis/artifactcollector/HEAD/tools/yaml2go/main.go --------------------------------------------------------------------------------