Introduction
Artemis is a powerful command line digital forensic and incident response (DFIR) tool that collects forensic data from Windows, macOS, and Linux endpoints. Its primary focus is on speed, ease of use, and low resource usage.
Notable features so far:
- Setup collections using basic TOML files
- Parsing support for a large number of forensic artifacts (40+)
- Output to JSON, JSONL, or CSV file(s)
- Can output results to local system or upload to cloud services.
- Embedded JavaScript runtime via Boa
The goal of this book is to provide a comprehensive guide on how to use artemis.
Artemis is a relatively new forensic tool written from scratch. While it does have an extensive test suite and has been carefully developed to make sure the data it produces is accurate, you may want to verify its output with other popular DFIR tools:
- The cross platform forensic tool Velociraptor
During the development of artemis both of these tools were used to provide verification that the output of artemis is correct.
If you are looking for a free and open-source forensic tool to add to your forensic toolkit, to casually review forensic data, or to compare the results of other forensic tools, then artemis is a great option!
Contributing
You can find the source code on GitHub. If you find a bug, feel free to open an issue. If you would like to contribute, please check out the CONTRIBUTING guide and docs prior to starting.
License
artemis and artemis-api are released under the MIT License.