Releases: Silv3rHorn/ArtifactExtractor
Releases · Silv3rHorn/ArtifactExtractor
ArtifactExtractor-20210510
- Added support for
- Software Quality Metrics (SQM)
- User Access Logs (UAL)
- Event Trace Logs (ETL)
- certutil metadata files
- BITS qmgr.dat
- Fixed bug - Identical files from 2 different partitions with the same
dest_dirare now extracted correctly
ArtifactExtractor-20190707
- Added support for
- Scheduled task files
- Signature catalog files
- RDP cache files
- WER Reports
- Thumbcache
ArtifactExtractor-20190414
- Added support for Windows Defender & Microsoft Antimalware logs
Note: This version has yet to be comprehensively tested. Use at own risk.
ArtifactExtractor-20190310
- Updated dependency libraries
- Creates less empty folders
- No longer creates partition base folder if
--ppis not used
ArtifactExtractor-20181209
- Added support for StartupInfo and Syscache artifacts
ArtifactExtractor-20180811
- Added support to extract unsupported artifact by specifying its path
- Improved logging
ArtifactExtractor-20180607
- Added support for extraction of all event logs
- Added support for extraction of Windows Timeline activities db
- Added support for extraction of PowerShell console history
- Added support for extraction of artefacts from Windows.old directory (
--oldflag)
ArtifactExtractor-20180331
- Added support for relative path arguments
ArtifactExtractor-20180313
- Added support for extraction of registry transaction logs
- Added support to preserve original path of artifact in extraction (use
--pp(preserve path) argument)
ArtifactExtractor-20171222
- Fixed unicode logging bug
- Added support for multiple partitions extraction
- Added support for Windows XP artifacts
- Added support for selection of specific artifacts