What is an artifact?

Although there is no widely accepted definition of the term "digital forensic artifact", the Forensics Wiki provides this rather generalized definition:

An object of digital archaeological interest.

We have chosen MITRE's Cyber Observable eXpression (CybOX™) to represent digital forensic artifacts. CybOX is a standardized language for encoding and communicating high-fidelity information about cyber observables.

What is a cyber observable?

According to the CybOX community:

Cyber observables are events or stateful properties that occur, or may occur, in the operational cyber domain, such as the value of a registry key, deletion of a file, or the receipt of an HTTP GET.

A Much Needed Resource

Much work has been done on digital forensic artifact discovery, but the results of past research projects are scattered across many publications rather than centralized in one place where scientists and practitioners can quickly and efficiently identify and analyze artifacts.

There is an immeasurable number of digital forensic artifacts today, and new ones are created constantly, leaving investigators "in the dark" when they encounter an artifact they have not seen before. This slows the investigative process or, worse, allows evidence to be overlooked.

"Digital forensic laboratories are seeing an increase in demand while also seeing a significant increase in the amount of data received for each examination."

(Casey, Katz, & Lewthwaite, 2013)

This calls for researchers to develop methods that increase the rate at which forensic artifacts can be acquired and analyzed.

Enter AGP

AGP, the Artifact Genome Project, is an online system for uploading and viewing digital forensic artifacts. The project began in 2014 as a collaboration between the University of New Haven and Purdue University's VACCINE, a US Department of Homeland Security Center of Excellence. We selected 19 cyber observable types from MITRE's CybOX, representing what we believe to be the most prominent and common cyber observables. Users can upload artifacts they discover to the AGP website by filling out the form for the applicable observable type.

Artifacts can also be searched by keyword, matching any word that appears in an artifact's record. It is our hope that, through collaboration with universities and research institutions, we can continue to grow the AGP database into a more complete representation of the artifacts that may be discovered in the cyber domain. It is also our intention to provide this tool as a resource that helps investigators understand the artifacts they find.
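To make concrete what "encoding an artifact as a CybOX observable" and "searching artifacts by keyword" look like in practice, here is an added example that is not part of the AGP site or MITRE's tooling. It embeds a constructed CybOX 2.1 document containing two observables of the kinds mentioned above (a registry value and a file), parses it with the Python standard library, and runs a keyword search over the parsed properties. The sample data, the observable IDs and the search function are illustrative assumptions; the namespace URIs and element names are written to follow the CybOX 2.1 schemas as best understood and should be checked against the published schemas before being relied on.

```python
import xml.etree.ElementTree as ET

# CybOX 2.1 namespace URIs (assumed to match the published schemas; verify before use).
NS = {
    "cybox": "http://cybox.mitre.org/cybox-2",
    "WinRegKeyObj": "http://cybox.mitre.org/objects#WinRegistryKeyObject-2",
    "FileObj": "http://cybox.mitre.org/objects#FileObject-2",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}

# Constructed sample document: a Run-key registry value and a user file.
# Not taken from AGP; values are made up for illustration.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:WinRegKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    cybox_major_version="2" cybox_minor_version="1">
  <cybox:Observable id="example:Observable-1">
    <cybox:Object id="example:WinRegistryKey-1">
      <cybox:Properties xsi:type="WinRegKeyObj:WindowsRegistryKeyObjectType">
        <WinRegKeyObj:Key>Software\\Microsoft\\Windows\\CurrentVersion\\Run</WinRegKeyObj:Key>
        <WinRegKeyObj:Hive>HKEY_CURRENT_USER</WinRegKeyObj:Hive>
        <WinRegKeyObj:Values>
          <WinRegKeyObj:Value>
            <WinRegKeyObj:Name>Updater</WinRegKeyObj:Name>
            <WinRegKeyObj:Data>C:\\Users\\alice\\AppData\\Roaming\\updater.exe</WinRegKeyObj:Data>
            <WinRegKeyObj:Datatype>REG_SZ</WinRegKeyObj:Datatype>
          </WinRegKeyObj:Value>
        </WinRegKeyObj:Values>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
  <cybox:Observable id="example:Observable-2">
    <cybox:Object id="example:File-1">
      <cybox:Properties xsi:type="FileObj:FileObjectType">
        <FileObj:File_Name>report.docx</FileObj:File_Name>
        <FileObj:File_Path>C:\\Users\\alice\\Documents\\</FileObj:File_Path>
        <FileObj:Size_In_Bytes>24576</FileObj:Size_In_Bytes>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
</cybox:Observables>
"""


def _local(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]


def _flatten(elem, prefix=""):
    """Recursively collect leaf text under elem as 'Parent/Child/Leaf' -> text."""
    props = {}
    for child in elem:
        name = prefix + _local(child.tag)
        if len(child):  # container element: descend into it
            props.update(_flatten(child, name + "/"))
        elif child.text and child.text.strip():
            props[name] = child.text.strip()
    return props


def parse_observables(xml_text: str):
    """Return one dict per cybox:Observable: its id, object type and flattened properties."""
    root = ET.fromstring(xml_text)
    artifacts = []
    for obs in root.findall("cybox:Observable", NS):
        props_el = obs.find("cybox:Object/cybox:Properties", NS)
        if props_el is None:
            continue  # e.g. an Observable_Composition; not handled by this example
        xsi_type = props_el.get("{%s}type" % NS["xsi"], "")
        artifacts.append({
            "id": obs.get("id"),
            "type": xsi_type.split(":", 1)[-1],  # e.g. "FileObjectType"
            "properties": _flatten(props_el),
        })
    return artifacts


def search(artifacts, keyword: str):
    """Case-insensitive keyword match against every property value of every artifact."""
    kw = keyword.lower()
    return [a["id"] for a in artifacts
            if any(kw in value.lower() for value in a["properties"].values())]


if __name__ == "__main__":
    parsed = parse_observables(SAMPLE_XML)
    for artifact in parsed:
        print(artifact["id"], artifact["type"], artifact["properties"])
    print("matches for 'alice':", search(parsed, "alice"))
```

The flattened property paths (for example `Values/Value/Data`) are what a keyword index would be built over; a real deployment would also index the object type and the free-text description submitted with the form, and would validate the document against the CybOX schemas before accepting it.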