Artifacts

Definition

In cybersecurity and digital forensics, an artifact is any piece of data that shows evidence of activity on a system. Artifacts help analysts understand what happened, when it happened, and which user or process was involved.

Artifacts can be created by the operating system, applications, security tools, or the attacker. They are usually not created for the purpose of investigation. Instead, they appear as a side effect of normal system behavior, which investigators later use as clues.

Common examples of artifacts include:

* Log entries that record logins, file access, or network connections
* File creation and modification timestamps
* Process execution records that show which programs ran and how they were launched
* Browser history, cookies, and cached files
* Registry keys on Windows that record installed programs, recent files, or user actions
* Prefetch files and other system traces that show program usage over time

During an investigation, analysts collect and correlate artifacts from many places to build a timeline of events. One artifact on its own may not tell the whole story, but multiple artifacts together can show how an attacker got in, what they did, and what impact they had.

Artifacts

Definition

Explore More Terms