
Overview

A really cool capability of artemis is that it contains an embedded JavaScript runtime that's designed specifically for DFIR! Artemis uses Boa, a JS engine written in Rust.

Using an embedded JS engine allows us to call Rust functions from JavaScript!
For example, the artemis function get_registry() can be used to parse a provided Registry file on disk. By registering this function with Boa, we can call it directly from JavaScript! In addition to JavaScript, we have TypeScript bindings that make scripting even easier!

To summarize:

  1. We can create a script using TypeScript and call artemis Rust functions directly
  2. Compile TypeScript to JavaScript
  3. Execute JavaScript using artemis

Info: The JS runtime in artemis is kind of like the VQL language for Velociraptor or the Dissect forensic framework. All three let you script forensic collections and parsing.

Prerequisites for Scripting

  1. A text editor or IDE that supports TypeScript. VSCodium and VSCode have been tested.
  2. A TypeScript to JavaScript bundler
    • esbuild is a popular one and is extremely fast