artifactcollector/config/artifacts at main · forensicanalysis/artifactcollector · GitHub

Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
collections.yaml		collections.yaml
linux.yaml		linux.yaml
macos.yaml		macos.yaml
style_guide.md		style_guide.md
webbrowser.yaml		webbrowser.yaml
windows.yaml		windows.yaml
windows_logs.yaml		windows_logs.yaml
windows_persistence.yaml		windows_persistence.yaml
windows_usb.yaml		windows_usb.yaml

README.md

Artifact Definitions

The artifactcollector uses yaml files to define forensic artifacts it can collect.

The yaml files are based on the ForensicArtifacts/artifacts repository, but with the following major changes:

provides on source level are added to enable extraction of parameters
All source types are distinctly defined, including the DIRECTORY type.
Parameter expansion and globing is defined, including **.
Inconsistent trailing \* in REGISTRY_KEYs are removed.

The Style Guide describes the full specification of the artifact definitions how they are used in the artifactcollector.