The goal of this repo is to archive artifacts from all versions of various operating systems and categorize them by type. This will help with artifact validation processes and increase access to artifacts that may no longer be readily available.
MIT License
The DFIR Artifact Museum is a community-driven archive of DFIR-related artifacts. It was created to provide a centralized location for examples of artifacts from various operating systems.
The aim is to increase accessibility to sample artifacts so that individual researchers do not have to duplicate efforts to generate data that frankly should be generated once and then shared with the community, so more time and energy can be spent on analysis rather than artifact generation.
Hopefully, with more exposure to artifacts from various operating systems centralized in a single location, someone who never uses Linux might gain more familiarity with what Linux artifacts look like. The same goes for someone who only uses Linux and doesn't use Windows.
Additionally, with more exposure to artifacts, hopefully those who enjoy creating tools will have sample data from which they can create a parser and share it with the community. Having an artifact readily available as sample data removes one major hassle in going from having an idea for a parsing tool to actually creating it and sharing it.
Want to see what the future holds for the DFIRArtifactMuseum repo? Check out the project boards where the to-do lists can be found!
Please check out CONTRIBUTING.md if you want guidance on how you can contribute to the DFIRArtifactMuseum.
Special thank you to Kevin Pagano for the awesome logo!
Please see Digital Corpora's research paper, "Bringing science to digital forensics with standardized forensic corpora".