forensicartifacts

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

📇 Digital Forensics Artifact Repository (forensicanalysis edition)

Analysis or research tools for digital forensics

Python script for outputting PCAPs as JSON as well as extracting attachments within the traffic stream

List of windows forensic artifacts across version and interpretation tips. Work in progress!