Releases: puffyCid/artemis
Releases · puffyCid/artemis
v0.9.0 - Released!
v0.9.0 - 2024-05-08
Added
- Support for parsing version 3 of macOS Fsevents
- Zlib decompression support
- Initial code for artemis client
- Initial script for macOS app sigining
Changed
- Improved JS HTTP client
Fixed
- Processes not containing args or env values
- Issue where artemis would parse a URI shellitem as a ZIP shellitem
- Issue where artemis-api would not return all sqlite results
- Removed some improper async code in JS runtime
ArtemisApi
- Initial support for Timesketch 🔥🔥
- Initial support for timelining artifacts 🔥
- Experimental Protobuf parser
- Experimental macOS BIOME parser
- Extract macOS Lulu info
- Extract macOS Munki application usage info
- Experimental support for parsing Windows Defender signatures
- Extract Chromium DIPS info
- Extract macOS Quarantine Events
- Extract Chromium Preferences
- Initial support for acquiring files
- Started adding tests that run via GitHub Actions
v0.8.0 - Released!
v0.8.0 - 2024-03-18
Added
- Support for querying any SQLITE database via artemis API
- macOS Spotlight parser!
- Optional args to all Linux artifacts
- Windows XPRESS decompression support without API calls. Decompression code from https://github.com/ForensicRS/frnsc-prefetch project (MIT)
Changed
- Updates to webui
- Made most Windows artifacts use alt_file or alt_dir arguements. Removed alt_drive options for most artifacts
- Combined all supported forensic artifacts. Can parse all supported forensic artifacts on any OS that can run artemis
Fixed
- Issue where artemis would fail to parse NTFS $SDS file data
Dependencies
- Updated all dependencies
ArtemisApi
- Support for querying macOS TCC.db files
- Support for parsing RPM sqlite database
- Updated UnifiedLog macOS support
- Support for querying Chromium Cookies database
- Support for querying Chromium Autofill database
- Support for querying Firefox Cookies database
- Support for parsing Chromium bookmarks
- Support for parsing VSCode extensions
- Parse some macOS Xprotect entries
0.7.0 - Released!
v0.7.0 - 2024-02-08
Added
- Optional parameters for all macOS artifacts
- WebUI improvements
- Insomnia config for server interaction
- Support for parsing ShellItems from JS runtime
- Support for extracting UTF16 strings to JS runtime
- Added cargo deny workflow to github actions
- Support for FILETIME timestamps in ESE databases
- WMI Repository parsing!
Changed
- Moved sudo logs into macOS and Linux artifacts. Instead of Unix artifacts
Fixed
- Server fixes and improvements
Dependencies
- Updated all dependencies
Tests
- BITS benchmarking test
- Improved test speed for firefox and chromium JS tests
ArtemisApi
- BOM parsing support for macOS
- Support for parsing multiple MRU Registry keys
- Support for getting macOS System Extensions
- User Access Log (UAL) parsing support for Windows servers!
0.6.2 - Released!
v0.6.2 - 2023-12-02
Added
- Initial idea for WASM webUI
- Just tool now recommended to build artemis
- Support for Registry Security Keys
- Cargo deny file
Changed
- Better support for macOS loginitems
- Made folder description lookups optional for userassist entries
- Improved artifact bindings to JS runtime
Fixed
- Error when parsed ESE tables did not return all data
- Incorrect ESE timestamps
Dependencies
- Updated to latest versions
ArtemisApi
- Added HTTP client for JS runtime
- Added command execution to JS runtime
- Basic support for VirusTotal lookups!
- Can now parse and dump table(s) in ESE dbs
- Retrieve installed homebrew packages and casks
- Retrieve installed deb packages
- Retrieve installed Chocolatey packages
- Parse history of Windows Updates
- List joined Wifi networks on macOS
- Get Windows PowerShell history
0.5.0 - Released!
v0.5.0 - 2023-10-30
Added
- Server upload support for compressed jsonl data. Also more async code.
- Support for collecting artifacts using command args. Example:
artemis acquire processes - Simple support for just command runner
Dependencies
- Removed redb
- Updated all dependencies to latest versions
ArtemisApi
- Lots of features added to API: LibreOffice and VSCode file history, macOS Firewall status, macOS App listing, and so much more!
- New documentation website!: https://puffycid.github.io/artemis-api
0.4.0 - Released!
v0.4.0 - 2023-09-14
Added
- Basic support for Windows PropertyStores
- Exposed several nom parsers to JavaScript (Deno) runtime
- Recycle Bin parser
- Initial idea for embedded server
- Support for parsing all Windows shortcut (LNK) extra properties
- Initial benchmarking tests
- Linux logon parser
Changed
- Github Actions support for macOS ARM binaries in nightly and stable relases
Fixed
- Added some error handling when calling JS runtime functions
- Bug when parsing ESE pages and not parsing the last page
Dependencies
- Updated dependencies to latest version
- Added axum and redb for server and database storage
- Added xml2json-rs crate for better xml to json parsing
v0.3.0 - 2023-08-14
v0.3.0 - Released!
Added
- Async deno scripts support
- Support for parsing Windows Schedule Tasks
- Deno bindings for globbing and reading XML files to JSON
- Windows Services parsing support
- Support for executing JavaScript file directly
- Nightly releases
- Basic support for parsing OLE data
- Support for parsing Windows Jumplists
Changed
- Overhauled deno scripting runtime
Fixed
- String extraction on UTF16 vs UTF8 (ASCII) Registry values
- Bug when extracting BigData cells and multiString value data from Regsitry
Dependencies
- Removed
deno_runtime - Update all dependencies
- Added glob crate for globbing support
- Added quick-xml crate for parsing XML files
Nightly
v0.2.0 - 2023-07-13
v0.2.0 - Released!
Darwin aarch64 (ARM) release is from a local mac Studio system due to issues with GitHub Actions and cross compiling. See #21
Other binaries are produced from GitHub Actions
Added
- Initial Linux support. Supports filelisting, processes, systeminfo, cron, shellhistory, chromium, firefox, and ELF binary artifacts
- Initial remote upload support for: GCP, Azure, and AWS
- Support for setting logging level from TOML input. error, warn, info, debug are supported
- Support for parsing ExecPolicy db on macOS
- Support for programatically outputting data through artemis via Deno runtime
- Journal parsing support on Linux
- Sudo log parser support for macOS and Linux
Changed
- Minor improvements to filelisting when PE or MACHO parsing is enabled
- Release binaries are now stripped
- Faster ESE parsing
Fixed
- Possible array out bounds error when trying to get browser user info
- Dont throw error if artemis cannot carve out BITS Job info
- Additional fixes and enhancements
- Duplicated ESE values when parsing branched data
Dependencies
- Updated all dependencies
- Added rusty-s3, jsonwebtoken, reqwest for remote upload support. elf for ELF parsing
- Added ruzstd to decompress Journal data
- Added lz4_flex for decompressing older Journal files
- Added xz2 for decompressing older Journal files
Tests
- Enabled additional tests
v0.1.0 - 2023-05-19
Initial release of artemis!
Darwin aarch64 (ARM) release is from a local mac Studio system due to issues with GitHub Actions and cross compiling. See #21
Other binaries are produced from GitHub Actions