artemis is a powerful command line digital forensic and incident response (DFIR) tool that collects forensic data from Windows and macOS endpoints. Its primary focus is: speed, ease of use, and low resource usage.
Notable features so far:
- Setup collections using basic TOML files
- Parsing support for large amount of forensic artifacts (25+)
- Output to JSON or JSONL file(s) (remote uploading support coming soon)
- Can be used as a library via artemis-core
- MIT license
Checkout the online guide at https://puffycid.github.io/artemis-book for indepth walkthrough on using artemis
- Download the latest release binary from GitHub
- Download an example TOML collection
- Execute artemis using a provided TOML file with elevated privileges
- Review the output
artemis -t processes.toml
[artemis] Starting artemis collection!
[artemis] Finished artemis collection!
puffycid> ls -R
692f6c76-8312-472f-8005-2a3ecd2203f9.jsonl d97b86bb-a762-4bae-b8e8-16dad8708fa4.log status.log