Artifact Types

Brief overview to Artifact Types

You can use the command line options for enabling each artifact type separately when Custom collection profile is selected by providing --profile custom option.
Name
Long Form
Short Form
Default
Active Directory Logs
--ADLogs
-adl
TRUE
Apache Logs
--ApacheLogs
-apcl
TRUE
DHCP Server Logs
--DHCPLogs
-dhcpl
TRUE
DNS Server Logs
--DNSLogs
-dnsl
TRUE
IIS Logs
--IISLogs
-iisl
TRUE
Microsoft Exchange Logs
--ExchangeLogs
-exchl
TRUE
MongoDB Logs
--MongoDBLogs
-mngl
TRUE
MSSQL Logs
--MSSQLLogs
-mssqll
TRUE
Cortana History
--CortanaHistory
-crtnh
FALSE
Microsoft Calendar
--MicrosoftCalendar
-mclndr
FALSE
Microsoft Maps
--MicrosoftMaps
-mmps
FALSE
Microsoft People
--MicrosoftPeople
-mppl
FALSE
Microsoft Photos
--MicrosoftPhotosHistory
-mph
FALSE
Microsoft Sticky Notes
--StickyNotes
-stckyn
FALSE
Microsoft Store Applications List
--StoreApplicationsDB
-strdb
TRUE
Microsoft Voice Record History
--VoiceRecordHistory
-vrcdh
FALSE
Search History
--SearchHistory
-srch
FALSE
Windows Notification History
--NotificationHistory
-ntfh
TRUE
Discord Desktop Cache
--DiscordCache
-dscrdc
FALSE
Microsoft Mail
--MicrosoftMail
-mml
FALSE
Microsoft Outlook
--Outlook
-outlk
FALSE
Mozilla Thunderbird
--Thunderbird
-thndr
FALSE
Skype Databases
--SkypeDB
-skypdb
TRUE
Skype Media
--SkypeMedia
-skpym
FALSE
Teamviewer Logs
--TeamviewerLogs
-tml
TRUE
WhatsApp Desktop Cache
--WhatsAppCache
-whtc
FALSE
WhatsApp Desktop Cookie
--WhatsAppCookie
-whtck
FALSE
Windows Live Mail User Settings
--WindowsMail
-wndml
FALSE
Zoom Databases
--ZoomDB
-zmdb
TRUE
Zoom Media
--ZoomMedia
-zmm
FALSE
Facebook Cache
--FacebookCache
-fcbkc
FALSE
Facebook Databases
--FacebookDB
-fcbkdb
FALSE
LinkedIn Cache
--LinkedInCache
-lnkc
FALSE
Spotify Cache
--SpotifyCache
-sptfyc
FALSE
Spotify Recently Played List
--SpotifyList
-sptfyl
TRUE
Twitter Cache
--TwitterCache
-twtc
FALSE
Twitter Databases
--TwitterDB
-twtdb
TRUE
Evernote Databases
--EvernoteDB
-everdb
FALSE
Evernote Drag and Drop Files
--EvernoteDD
-everdd
FALSE
Evernote Logs
--EvernoteLogs
-everl
FALSE
Everything History
--EverythingHistory
-evryh
FALSE
Notepad++ Sessions
--Notepad
-ntpd
TRUE
OpenVPN Config
--OpenVPN
-ovpn
TRUE
Sublime Text Sessions
--SublimeSession
-sblm
TRUE
iTunes Backups
--iTunesBackups
-itnb
FALSE
VMware Config
--VMwareConfig
-vmc
TRUE
VMware Drag and Drop Files
--VMwareDD
-vmdd
FALSE
VMware Logs
--VMwareLogs
-vml
FALSE
FileZilla Sessions
--FileZilla
-flz
TRUE
Github Desktop Cache
--GithubDesktopCache
-gthbc
FALSE
Github Desktop Databases
--GithubDesktopDB
-gtdb
TRUE
Github Desktop Logs
--GithubDesktopLogs
-gthbl
FALSE
Tortoise Git Logs
--TortoiseLogs
-trtl
TRUE
Visual Studio Team Explorer Config
--VisualStudioTeam
-vstm
TRUE
WSL
--WSL
-wsl
TRUE
Dropbox Cache
--DropboxCache
-drpc
FALSE
Dropbox Databases
--DropboxDB
-drpdb
TRUE
Dropbox Logs
--DropboxLogs
-drpl
FALSE
Google Drive Databases
--GoogleDriveDB
-gdrvdb
TRUE

TACTICAL - Previous

Evidence Types

Next - TACTICAL

Command Line Examples

Last modified 1yr ago

Name	Long Form	Short Form	Default
Active Directory Logs	--ADLogs	-adl	TRUE
Apache Logs	--ApacheLogs	-apcl	TRUE
DHCP Server Logs	--DHCPLogs	-dhcpl	TRUE
DNS Server Logs	--DNSLogs	-dnsl	TRUE
IIS Logs	--IISLogs	-iisl	TRUE
Microsoft Exchange Logs	--ExchangeLogs	-exchl	TRUE
MongoDB Logs	--MongoDBLogs	-mngl	TRUE
MSSQL Logs	--MSSQLLogs	-mssqll	TRUE
Cortana History	--CortanaHistory	-crtnh	FALSE
Microsoft Calendar	--MicrosoftCalendar	-mclndr	FALSE
Microsoft Maps	--MicrosoftMaps	-mmps	FALSE
Microsoft People	--MicrosoftPeople	-mppl	FALSE
Microsoft Photos	--MicrosoftPhotosHistory	-mph	FALSE
Microsoft Sticky Notes	--StickyNotes	-stckyn	FALSE
Microsoft Store Applications List	--StoreApplicationsDB	-strdb	TRUE
Microsoft Voice Record History	--VoiceRecordHistory	-vrcdh	FALSE
Search History	--SearchHistory	-srch	FALSE
Windows Notification History	--NotificationHistory	-ntfh	TRUE
Discord Desktop Cache	--DiscordCache	-dscrdc	FALSE
Microsoft Mail	--MicrosoftMail	-mml	FALSE
Microsoft Outlook	--Outlook	-outlk	FALSE
Mozilla Thunderbird	--Thunderbird	-thndr	FALSE
Skype Databases	--SkypeDB	-skypdb	TRUE
Skype Media	--SkypeMedia	-skpym	FALSE
Teamviewer Logs	--TeamviewerLogs	-tml	TRUE
WhatsApp Desktop Cache	--WhatsAppCache	-whtc	FALSE
WhatsApp Desktop Cookie	--WhatsAppCookie	-whtck	FALSE
Windows Live Mail User Settings	--WindowsMail	-wndml	FALSE
Zoom Databases	--ZoomDB	-zmdb	TRUE
Zoom Media	--ZoomMedia	-zmm	FALSE
Facebook Cache	--FacebookCache	-fcbkc	FALSE
Facebook Databases	--FacebookDB	-fcbkdb	FALSE
LinkedIn Cache	--LinkedInCache	-lnkc	FALSE
Spotify Cache	--SpotifyCache	-sptfyc	FALSE
Spotify Recently Played List	--SpotifyList	-sptfyl	TRUE
Twitter Cache	--TwitterCache	-twtc	FALSE
Twitter Databases	--TwitterDB	-twtdb	TRUE
Evernote Databases	--EvernoteDB	-everdb	FALSE
Evernote Drag and Drop Files	--EvernoteDD	-everdd	FALSE
Evernote Logs	--EvernoteLogs	-everl	FALSE
Everything History	--EverythingHistory	-evryh	FALSE
Notepad++ Sessions	--Notepad	-ntpd	TRUE
OpenVPN Config	--OpenVPN	-ovpn	TRUE
Sublime Text Sessions	--SublimeSession	-sblm	TRUE
iTunes Backups	--iTunesBackups	-itnb	FALSE
VMware Config	--VMwareConfig	-vmc	TRUE
VMware Drag and Drop Files	--VMwareDD	-vmdd	FALSE
VMware Logs	--VMwareLogs	-vml	FALSE
FileZilla Sessions	--FileZilla	-flz	TRUE
Github Desktop Cache	--GithubDesktopCache	-gthbc	FALSE
Github Desktop Databases	--GithubDesktopDB	-gtdb	TRUE
Github Desktop Logs	--GithubDesktopLogs	-gthbl	FALSE
Tortoise Git Logs	--TortoiseLogs	-trtl	TRUE
Visual Studio Team Explorer Config	--VisualStudioTeam	-vstm	TRUE
WSL	--WSL	-wsl	TRUE
Dropbox Cache	--DropboxCache	-drpc	FALSE
Dropbox Databases	--DropboxDB	-drpdb	TRUE
Dropbox Logs	--DropboxLogs	-drpl	FALSE
Google Drive Databases	--GoogleDriveDB	-gdrvdb	TRUE