Skip to content
/ AutoParser Public

AutoParser is a forensic tool for parsing offline registry hives.

9 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mayHamad/AutoParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
lib
lib
 
 
plugins
plugins
 
 
AutoParser.py
AutoParser.py
 
 
README.md
README.md
 
 
requirment.txt
requirment.txt
 
 

Repository files navigation

AutoParser

AutoParser is a forensic tool for parsing offline registry hives in order to extract forensic artifacts, which includes auto startup programs, lateral movement, archive files history, and other valuable artifacts.

Features

  • Parse offline registry hives.
  • Replay transaction logs against the hive.
  • Provide the timestamps of Windows registry keys creation.
  • Compatible with the Kuiper platform.
  • Support multiple output formats (CSV and JSON).

How to use

  • Install Python 3
  • Install tool's dependences:
pip3 install -r requirment.txt

Example

Below command will pares with all plugins using '-a' switch:

python3 AutoParser.py -a -p [path to folder of all registry hives] -o [path to results folder]
  • The results will be in folder that specified in command and each plugin results will be in separate file.

Licences

this project depends on:

Refernces

https://www.microsoftpressstore.com/articles/article.aspx?p=2762082&seqNum=2

About

AutoParser is a forensic tool for parsing offline registry hives.

Topics

windows parsers dfir-automation registry-keys foransic-artifacs

Resources

Readme
Activity

Stars

9 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

AutoParser 2.0.0 Latest
May 12, 2023

Packages

No packages published

Languages