AutoParser

AutoParser is a forensic tool for parsing offline registry hives in order to extract forensic artifacts, which includes auto startup programs, lateral movement, archive files history, and other valuable artifacts.

Features

Parse offline registry hives.
Replay transaction logs against the hive.
Provide the timestamps of Windows registry keys creation.
Compatible with the Kuiper platform.
Support multiple output formats (CSV and JSON).

How to use

Install Python 3
Install tool's dependences:

pip3 install -r requirment.txt

Example

Below command will pares with all plugins using '-a' switch:

python3 AutoParser.py -a -p [path to folder of all registry hives] -o [path to results folder]

The results will be in folder that specified in command and each plugin results will be in separate file.

Licences

this project depends on:

YARP https://github.com/msuhanov/yarp
RegSkewer https://github.com/muteb/RegSkewer

Refernces

https://www.microsoftpressstore.com/articles/article.aspx?p=2762082&seqNum=2

Name		Name	Last commit message	Last commit date
Latest commit History 67 Commits
lib		lib
plugins		plugins
AutoParser.py		AutoParser.py
README.md		README.md
requirment.txt		requirment.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lib

lib

plugins

plugins

AutoParser.py

AutoParser.py

README.md

README.md

requirment.txt

requirment.txt

Repository files navigation

AutoParser

Features

How to use

Example

Licences

Refernces

About

Releases 1

Packages

Languages

mayHamad/AutoParser

Folders and files

Latest commit

History

Repository files navigation

AutoParser

Features

How to use

Example

Licences

Refernces

About

Topics

Resources

Stars

Watchers

Forks

Languages