Back to binalyze.com
Search…
Welcome
AIR
AIR
Introduction
Setup
Features
Integrations
FAQ
TACTICAL
TACTICAL
What is TACTICAL?
Running TACTICAL from command line
Command Line Options
Evidence Types
Artifact Types
Command Line Examples
Exit Codes
DRONE
DRONE
Introduction
How to use it?
Settings
Reporting
Features
General
Licenses
Powered By
GitBook
Artifact Types
You can use the command line options for enabling each artifact type separately when Custom collection profile is selected by providing --profile custom option.
Name
Long Form
Short Form
Default
Active Directory Logs
--ADLogs
-adl
TRUE
Apache Logs
--ApacheLogs
-apcl
TRUE
DHCP Server Logs
--DHCPLogs
-dhcpl
TRUE
DNS Server Logs
--DNSLogs
-dnsl
TRUE
IIS Logs
--IISLogs
-iisl
TRUE
Microsoft Exchange Logs
--ExchangeLogs
-exchl
TRUE
MongoDB Logs
--MongoDBLogs
-mngl
TRUE
MSSQL Logs
--MSSQLLogs
-mssqll
TRUE
Cortana History
--CortanaHistory
-crtnh
FALSE
Microsoft Calendar
--MicrosoftCalendar
-mclndr
FALSE
Microsoft Maps
--MicrosoftMaps
-mmps
FALSE
Microsoft People
--MicrosoftPeople
-mppl
FALSE
Microsoft Photos
--MicrosoftPhotosHistory
-mph
FALSE
Microsoft Sticky Notes
--StickyNotes
-stckyn
FALSE
Microsoft Store Applications List
--StoreApplicationsDB
-strdb
TRUE
Microsoft Voice Record History
--VoiceRecordHistory
-vrcdh
FALSE
Search History
--SearchHistory
-srch
FALSE
Windows Notification History
--NotificationHistory
-ntfh
TRUE
Discord Desktop Cache
--DiscordCache
-dscrdc
FALSE
Microsoft Mail
--MicrosoftMail
-mml
FALSE
Microsoft Outlook
--Outlook
-outlk
FALSE
Mozilla Thunderbird
--Thunderbird
-thndr
FALSE
Skype Databases
--SkypeDB
-skypdb
TRUE
Skype Media
--SkypeMedia
-skpym
FALSE
Teamviewer Logs
--TeamviewerLogs
-tml
TRUE
WhatsApp Desktop Cache
--WhatsAppCache
-whtc
FALSE
WhatsApp Desktop Cookie
--WhatsAppCookie
-whtck
FALSE
Windows Live Mail User Settings
--WindowsMail
-wndml
FALSE
Zoom Databases
--ZoomDB
-zmdb
TRUE
Zoom Media
--ZoomMedia
-zmm
FALSE
Facebook Cache
--FacebookCache
-fcbkc
FALSE
Facebook Databases
--FacebookDB
-fcbkdb
FALSE
LinkedIn Cache
--LinkedInCache
-lnkc
FALSE
Spotify Cache
--SpotifyCache
-sptfyc
FALSE
Spotify Recently Played List
--SpotifyList
-sptfyl
TRUE
Twitter Cache
--TwitterCache
-twtc
FALSE
Twitter Databases
--TwitterDB
-twtdb
TRUE
Evernote Databases
--EvernoteDB
-everdb
FALSE
Evernote Drag and Drop Files
--EvernoteDD
-everdd
FALSE
Evernote Logs
--EvernoteLogs
-everl
FALSE
Everything History
--EverythingHistory
-evryh
FALSE
Notepad++ Sessions
--Notepad
-ntpd
TRUE
OpenVPN Config
--OpenVPN
-ovpn
TRUE
Sublime Text Sessions
--SublimeSession
-sblm
TRUE
iTunes Backups
--iTunesBackups
-itnb
FALSE
VMware Config
--VMwareConfig
-vmc
TRUE
VMware Drag and Drop Files
--VMwareDD
-vmdd
FALSE
VMware Logs
--VMwareLogs
-vml
FALSE
FileZilla Sessions
--FileZilla
-flz
TRUE
Github Desktop Cache
--GithubDesktopCache
-gthbc
FALSE
Github Desktop Databases
--GithubDesktopDB
-gtdb
TRUE
Github Desktop Logs
--GithubDesktopLogs
-gthbl
FALSE
Tortoise Git Logs
--TortoiseLogs
-trtl
TRUE
Visual Studio Team Explorer Config
--VisualStudioTeam
-vstm
TRUE
WSL
--WSL
-wsl
TRUE
Dropbox Cache
--DropboxCache
-drpc
FALSE
Dropbox Databases
--DropboxDB
-drpdb
TRUE
Dropbox Logs
--DropboxLogs
-drpl
FALSE
Google Drive Databases
--GoogleDriveDB
-gdrvdb
TRUE
TACTICAL - Previous
Evidence Types
Next - TACTICAL
Command Line Examples
Last modified
1mo ago
Copy link