{"id":21283298,"url":"https://github.com/puffycid/artemis","last_synced_at":"2026-05-08T06:21:53.863Z","repository":{"id":167049812,"uuid":"642152282","full_name":"puffyCid/artemis","owner":"puffyCid","description":"A cross platform forensic parser written in Rust!","archived":false,"fork":false,"pushed_at":"2025-04-09T01:29:41.000Z","size":38516,"stargazers_count":80,"open_issues_count":25,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-09T22:18:07.571Z","etag":null,"topics":["dfir","digital-forensics","incident-response","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/puffyCid.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-18T00:05:33.000Z","updated_at":"2025-04-09T01:29:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"5b314e9c-3d18-45df-b04c-e04d81a1fbb9","html_url":"https://github.com/puffyCid/artemis","commit_stats":null,"previous_names":["puffycid/artemis"],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puffyCid%2Fartemis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puffyCid%2Fartemis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puffyCid%2Fartemis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puffyCid%2Fartemis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/puffy
Cid","download_url":"https://codeload.github.com/puffyCid/artemis/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248119286,"owners_count":21050755,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","digital-forensics","incident-response","rust"],"created_at":"2024-11-21T11:07:46.926Z","updated_at":"2026-05-08T06:21:53.849Z","avatar_url":"https://github.com/puffyCid.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Artemis - A cross platform DFIR application\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg?style=for-the-badge)](https://opensource.org/licenses/MIT)\n[![codecov](https://img.shields.io/codecov/c/github/puffyCid/artemis?style=for-the-badge)](https://codecov.io/github/puffyCid/artemis)\n![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/puffycid/artemis/nightly.yml?style=for-the-badge)\n![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/puffycid/artemis/audit.yml?label=Audit\u0026style=for-the-badge)\n\nArtemis is a powerful command line digital forensic and incident response (DFIR)\ntool that collects forensic data from Windows, macOS, Linux, and FreeBSD endpoints. 
Its\nprimary focus is speed, ease of use, and low resource usage.\\\nNotable features _so far_:\n\n- Set up collections using basic TOML files\n- Parsing support for a large number of forensic artifacts (40+)\n- Output to JSON, JSONL, or CSV file(s)\n- Can output results to the local system or upload to cloud services.\n- An embedded JavaScript runtime via [Boa](https://boajs.dev) that allows you to script and create your own parsers and artifacts.\n- Timeline support that is compatible with [Timesketch](https://timesketch.org/)\n\nCheck out the online guide at https://puffycid.github.io/artemis-api for an in-depth\nwalkthrough on using artemis.\n\n## Quick Guide\n\n1. Download the latest stable release binary from GitHub. Nightly versions are also\n   [available](https://github.com/puffyCid/artemis/releases/tag/nightly)\n2. Run artemis!\n\n```\nartemis -h\nUsage: artemis [OPTIONS] [COMMAND]\n\nCommands:\n  acquire  Acquire forensic artifacts\n  help     Print this message or the help of the given subcommand(s)\n\nOptions:\n  -t, --toml \u003cTOML\u003e              Full path to TOML collector\n  -d, --decode \u003cDECODE\u003e          Base64 encoded TOML file\n  -j, --javascript \u003cJAVASCRIPT\u003e  Full path to JavaScript file\n  -h, --help                     Print help\n  -V, --version                  Print version\n```\n\nAn example that collects a process listing.\n\n```\n\u003e artemis acquire -h\nAcquire forensic artifacts\n\nUsage: artemis acquire [OPTIONS] [COMMAND]\n\nCommands:\n  processes            Collect processes\n  connections          Collect network connections\n  filelisting          Pull filelisting\n  systeminfo           Get systeminfo\n  prefetch             windows: Parse Prefetch\n  eventlogs            windows: Parse EventLogs\n  rawfilelisting       windows: Parse NTFS to get filelisting\n  shimdb               windows: Parse ShimDatabase\n  registry             windows: Parse Registry\n  userassist           windows: Parse Userassist\n  
shimcache            windows: Parse Shimcache\n  shellbags            windows: Parse Shellbags\n  amcache              windows: Parse Amcache\n  shortcuts            windows: Parse Shortcuts\n  usnjrnl              windows: Parse UsnJrnl\n  bits                 windows: Parse BITS\n  srum                 windows: Parse SRUM\n  users-windows        windows: Parse Users\n  search               windows: Parse Windows Search\n  tasks                windows: Parse Windows Tasks\n  services             windows: Parse Windows Services\n  jumplists            windows: Parse Jumplists\n  recyclebin           windows: Parse RecycleBin\n  wmipersist           windows: Parse WMI Repository\n  outlook              windows: Parse Outlook messages\n  mft                  windows: Parse MFT file\n  execpolicy           macos: Parse ExecPolicy\n  users-macos          macos: Collect local users\n  fsevents             macos: Parse FsEvents entries\n  emond                macos: Parse Emond persistence. Removed in Ventura\n  loginitems           macos: Parse LoginItems\n  launchd              macos: Parse Launch Daemons and Agents\n  groups-macos         macos: Collect local groups\n  unifiedlogs          macos: Parse the Unified Logs\n  sudologs-macos       macos: Parse Sudo log entries from Unified Logs\n  spotlight            macos: Parse the Spotlight database\n  sudologs-linux       linux: Grab Sudo logs\n  journals             linux: Parse systemd Journal files\n  logons               linux: Parse Logon files\n  rawfilelisting-ext4  linux: Parse the raw ext4 filesystem\n  help                 Print this message or the help of the given subcommand(s)\n\nOptions:\n      --format \u003cFORMAT\u003e          Output format. JSON or JSONL or CSV [default: JSON]\n      --output-dir \u003cOUTPUT_DIR\u003e  Optional output directory for storing results [default: ./tmp]\n      --compress                 GZIP Compress results\n      --timeline                 Timeline parsed data. 
Output is always JSONL\n  -h, --help                     Print help\n\n\n\n\u003e artemis acquire processes\n[artemis] Starting artemis collection!\n[artemis] Writing output to: ./tmp\n[artemis] Finished artemis collection!\n\n./tmp/local_collector/\n8706ce06-ff87-4ea9-8685-c96b64fb2cbe.log  processes_ef308829-a667-496b-b983-d82e7fd7a631.json  status_fedora.log\n\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuffycid%2Fartemis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpuffycid%2Fartemis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuffycid%2Fartemis/lists"}