Tracium Forensics Collectors
Detailed documentation on Tracium's 16 forensic artifact collectors.
Collector Interface
type Collector interface {
	OSName() string
	Architecture() string
	Hostname() (string, error)
	GetCurrentUser() (string, error)
	GetProcessID() int
	GetUptime() int64
	GetCPUInfo() CPUInfo
	GetMemoryInfo() MemoryInfo
	GetDiskInfo() []DiskInfo
	GetInterfaces() []InterfaceInfo
	GetProcesses() []ProcessInfo
	GetServices() []ServiceInfo
	CollectBrowserArtifacts(errors *[]string) BrowserArtifacts
	CollectCommunicationArtifacts(errors *[]string) CommunicationArtifacts
	CollectRecentFiles(errors *[]string) []RecentFileEntry
	CollectCommandHistory(errors *[]string) []CommandEntry
	// ... 12+ more methods
}
Browser Artifacts
Collects history, downloads, cookies, and bookmarks from Chrome, Firefox, Safari, and Edge.
Command History
Collects shell command history from bash, zsh, fish, PowerShell, and cmd.exe.
Privacy
Command history may contain sensitive information. Handle appropriately.
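One way to act on the privacy note above is to mask secret values in collected command lines before a report leaves the host. This is an added example, not Tracium's own code: the CommandEntry fields, the patterns, and the RedactHistory helper are assumptions, since the page does not show the real struct.

```go
package main

import (
	"fmt"
	"regexp"
)

// CommandEntry is a hypothetical stand-in; the page does not show Tracium's real fields.
type CommandEntry struct {
	Shell    string
	Command  string
	Redacted bool // set when a secret was masked in Command
}

// Assumed, non-exhaustive patterns. Group 1 is kept, group 2 is masked.
var secretPatterns = []*regexp.Regexp{
	// --password=VALUE, --token VALUE, --api-key=VALUE
	regexp.MustCompile(`(?i)(--?(?:password|passwd|token|api[-_]?key|secret)[= ]+)(\S+)`),
	// NAME=VALUE where NAME contains PASSWORD, SECRET, TOKEN or API_KEY
	regexp.MustCompile(`(?i)(\b[A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*=)(\S+)`),
	// Authorization header values passed to HTTP clients
	regexp.MustCompile(`(?i)(authorization:\s*(?:bearer|basic)\s+)([^\s'"]+)`),
	// user:password@host in URLs; group 3 restores the "@"
	regexp.MustCompile(`(://[^/\s:@]+:)([^@\s/]+)(@)`),
}

// RedactHistory returns a masked copy; the caller's slice is not modified.
// In the replacement, ${3} expands to "" for patterns with only two groups.
func RedactHistory(entries []CommandEntry) []CommandEntry {
	out := make([]CommandEntry, len(entries))
	for i, e := range entries {
		clean := e.Command
		for _, re := range secretPatterns {
			clean = re.ReplaceAllString(clean, "${1}[REDACTED]${3}")
		}
		e.Redacted = clean != e.Command
		e.Command = clean
		out[i] = e
	}
	return out
}

func main() {
	sample := []CommandEntry{ // constructed sample input
		{Shell: "bash", Command: "mysqldump --password=hunter2 shop"},
		{Shell: "zsh", Command: "git clone https://alice:s3cr3t@git.example.test/repo.git"},
	}
	for _, e := range RedactHistory(sample) {
		fmt.Printf("%s\t%v\t%s\n", e.Shell, e.Redacted, e.Command)
	}
}
```

Pattern-based masking misses secrets in forms it does not recognise, so the redacted output still needs the same access controls as other case evidence.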
USB History
Collects USB device connection history including VendorID, ProductID, Serial, and timestamps.
Network History
Collects ARP cache, DNS cache, and network connections.