Introduction

Artemis is a powerful command line digital forensics and incident response (DFIR) tool that collects forensic data from Windows, macOS, and Linux endpoints. Its primary focus is speed, ease of use, and low resource usage.

Notable features so far:

  • Set up collections using basic TOML files
  • Parsing support for a large number of forensic artifacts (40+)
  • Output to JSON, JSONL, or CSV file(s)
  • Can write results to the local system or upload them to cloud services
  • Embedded JavaScript runtime via Boa

The goal of this site is to provide a comprehensive guide on how to use artemis.

Contributing

You can find the source code on GitHub. If you find a bug, feel free to open an issue. If you would like to contribute, please check out the CONTRIBUTING guide and docs before starting.

License

artemis and artemis-api are released under the MIT License.