# -*- coding: utf-8 -*-
"""Constants and definitions."""

from __future__ import unicode_literals


# Source type indicators: the literal string each artifact source carries as
# its type in the definition files.  Grouped below by the kind of thing the
# source names on the target system.
#
# NOTE(review): sources typed COMMAND or WMI presumably execute something on
# the endpoint at collection time rather than just reading a path -- confirm
# against the collector.  Either way, definition files drive what gets run
# and read, so treat them like code: review provenance before loading
# definitions from an untrusted source.

# A named group of other artifact definitions.
TYPE_INDICATOR_ARTIFACT_GROUP = 'ARTIFACT_GROUP'

# File-system sources.
TYPE_INDICATOR_DIRECTORY = 'DIRECTORY'
TYPE_INDICATOR_FILE = 'FILE'
TYPE_INDICATOR_PATH = 'PATH'

# Windows-only sources (registry and WMI).
TYPE_INDICATOR_WINDOWS_REGISTRY_KEY = 'REGISTRY_KEY'
TYPE_INDICATOR_WINDOWS_REGISTRY_VALUE = 'REGISTRY_VALUE'
TYPE_INDICATOR_WMI_QUERY = 'WMI'

# A command to run (presumably on the target host).
TYPE_INDICATOR_COMMAND = 'COMMAND'

# Label names mapped to a one-line description of the category.  The keys are
# presumably the exact strings accepted in a definition's `labels` list (see
# TOP_LEVEL_KEYS) -- confirm against the reader.  Spelling, case and spacing
# are significant ('ExternalAccount' has no space, 'External Media' does), so
# renaming a key here would break every definition that already uses it.
LABELS = {
    'Antivirus': 'Antivirus related artifacts, e.g. quarantine files.',
    'Authentication': 'Authentication artifacts.',
    'Browser': 'Web Browser artifacts.',
    'Cloud': 'Cloud applications artifacts.',
    'Cloud Storage': 'Cloud storage artifacts.',
    'Configuration Files': 'Configuration files artifacts.',
    'Execution': 'Contain execution events.',
    'ExternalAccount': ('Information about any user accounts e.g. username, '
                        'account ID, etc.'),
    'External Media': 'Contain external media data or events e.g. USB drives.',
    'IM': 'Instant Messaging / Chat applications artifacts.',
    'iOS': 'Artifacts related to iOS devices connected to the system.',
    'History Files': 'History files artifacts e.g. .bash_history.',
    'KnowledgeBase': 'Artifacts used in knowledge base generation.',
    'Logs': 'Contain log files.',
    'Mail': 'Mail client applications artifacts.',
    'Memory': 'Artifacts retrieved from memory.',
    'Network': 'Describe networking state.',
    'Processes': 'Describe running processes.',
    'Rekall': 'Artifacts using the Rekall memory forensics framework.',
    'Software': 'Installed software.',
    'System': 'Core system artifacts.',
    'Users': 'Information about users.',
}

# Operating-system names that may appear in a definition's `supported_os`
# list.  A frozenset so the allow-list cannot be mutated at runtime.
SUPPORTED_OS = frozenset({'Darwin', 'Linux', 'Windows'})

# Keys permitted at the top level of an artifact definition.  Presumably used
# by the reader as a strict allow-list so that definitions with unknown or
# misspelled keys are rejected rather than silently ignored -- confirm against
# the reader.  Frozen so callers cannot widen the schema at runtime.
TOP_LEVEL_KEYS = frozenset({
    'conditions',
    'doc',
    'labels',
    'name',
    'provides',
    'sources',
    'supported_os',
    'urls',
})