Artifact Collection

Comprehensive artifact collection skill for gathering and preserving digital forensic evidence. Enables systematic collection of volatile and non-volatile artifacts from endpoints, maintaining chain of custody, and ensuring forensic integrity throughout the collection process.

Capabilities

• Volatile Data Collection: Capture RAM, running processes, network connections
• Disk Artifact Collection: Collect registry, event logs, browser data
• Log Collection: Gather system, application, and security logs
• Configuration Collection: Capture system configuration and state
• Evidence Packaging: Package artifacts with integrity verification
• Chain of Custody: Document and maintain evidence chain of custody
• Remote Collection: Collect artifacts from remote systems
• Triage Collection: Quick artifact collection for rapid response
• Selective Collection: Target specific artifact types
• Collection Verification: Verify collected artifact integrity

Quick Start