BAM
Artemis supports extracting Background Activity Moderator (BAM) entries from the Windows Registry. BAM keeps, per user SID, the executables that have run and when each last ran, so its entries are evidence of program execution that can be attributed to a specific user account.
Collection
BAM entries can only be collected through the artemis API; use a script like the one below to extract them.
Sample API Script
// Import the BAM parser from the artemis API
import { backgroundActivitiesManager } from "../artemis-api/src/windows/registry/bam";
function main() {
  // Parse the SYSTEM hive and return every BAM entry found
  const data = backgroundActivitiesManager();
  // Emit the results as JSON so they can be piped into other tooling
  console.log(JSON.stringify(data));
}
main();
Output Structure
An array of Bam
export interface Bam {
  key_path: string;       // Registry key the entry was read from
  reg_path: string;       // Registry path recorded for the entry
  sid: string;            // SID of the user account that ran the program
  path: string;           // Path of the executed program as stored by BAM
  last_execution: string; // Timestamp of the most recent execution
}
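The following TypeScript is an added example and is not artemis code: it models how a raw BAM registry value becomes a record with the Bam shape above, and how an analyst might triage the result. It assumes the widely documented BAM layout (one value per executed program under bam\State\UserSettings\<SID>, named with the program's device path, with a little-endian FILETIME in the first 8 bytes of the value data) and maps key_path/reg_path as described in the comments; the SIDs, paths and timestamps are constructed, and the RawBamValue type, makeBamData, triage and run helpers exist only for this illustration.

```typescript
// Mirrors the Bam interface from the artemis API output structure.
interface Bam {
  key_path: string;
  reg_path: string;
  sid: string;
  path: string;
  last_execution: string;
}

// A raw BAM value as it sits in the registry (assumed layout): the value name
// is the executed program's device path and the first 8 bytes of the
// 24-byte data blob are a little-endian FILETIME.
interface RawBamValue {
  regPath: string;   // key holding the per-SID subkeys
  sid: string;       // subkey name
  valueName: string; // executed program
  data: Uint8Array;  // 24-byte value body
}

// FILETIME counts 100-ns ticks since 1601-01-01; this many ticks separate
// it from the Unix epoch.
const EPOCH_DIFF_TICKS = BigInt("116444736000000000");

// Convert the leading FILETIME of a BAM value into an ISO-8601 timestamp.
function filetimeToIso(data: Uint8Array): string {
  if (data.byteLength < 8) {
    throw new Error("BAM value shorter than a FILETIME");
  }
  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
  const ticks = view.getBigUint64(0, true);
  const unixMs = (ticks - EPOCH_DIFF_TICKS) / BigInt(10000);
  return new Date(Number(unixMs)).toISOString();
}

// Build a Bam record; key_path is assumed to be the per-SID key and
// reg_path the parent UserSettings key (hypothetical mapping).
function toBam(raw: RawBamValue): Bam {
  return {
    key_path: `${raw.regPath}\\${raw.sid}`,
    reg_path: raw.regPath,
    sid: raw.sid,
    path: raw.valueName,
    last_execution: filetimeToIso(raw.data),
  };
}

// Flag executions from user-writable staging locations and order them by time.
const SUSPICIOUS_DIRS = [/\\temp\\/i, /\\downloads\\/i, /\\appdata\\local\\/i, /\\public\\/i];
function triage(entries: Bam[]): Bam[] {
  return entries
    .filter((e) => SUSPICIOUS_DIRS.some((re) => re.test(e.path)))
    .sort((a, b) => a.last_execution.localeCompare(b.last_execution));
}

// Helper for constructing sample data: a 24-byte BAM value body from a FILETIME.
function makeBamData(ticks: bigint): Uint8Array {
  const buf = new Uint8Array(24);
  new DataView(buf.buffer).setBigUint64(0, ticks, true);
  return buf;
}

// Constructed sample input, not taken from a real system.
// 133170048000000000 ticks == 2023-01-01T00:00:00Z; the second entry is one hour later.
const REG_PATH = "ROOT\\ControlSet001\\Services\\bam\\State\\UserSettings";
const BASE_TICKS = BigInt("133170048000000000");
const SAMPLE: RawBamValue[] = [
  {
    regPath: REG_PATH,
    sid: "S-1-5-21-111-222-333-1001",
    valueName: "\\Device\\HarddiskVolume3\\Windows\\System32\\notepad.exe",
    data: makeBamData(BASE_TICKS),
  },
  {
    regPath: REG_PATH,
    sid: "S-1-5-21-111-222-333-1001",
    valueName: "\\Device\\HarddiskVolume3\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
    data: makeBamData(BASE_TICKS + BigInt("36000000000")),
  },
];

// Convert every raw value and return only the entries worth a second look.
function run(): Bam[] {
  return triage(SAMPLE.map(toBam));
}

console.log(JSON.stringify(run(), null, 2));
```

Running this prints only the Temp-directory entry, with last_execution rendered as 2023-01-01T01:00:00.000Z. BAM stores device paths rather than drive letters, so any filtering on the path field should match on the directory names rather than on a C:\ prefix.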