Some interesting scripts, probably outdated but still useful.

In 2012, Jacky Fox focused her MSc dissertation on the extraction and correlation of Windows registry artifacts.

During her research she developed a set of bash scripts for the forensic interpretation of Windows registry keys, including UserAssist and the keys related to USB devices.

A useful starting point for anyone who wants to develop their own analysis scripts.


Below is a brief overview:

extractreg.sh

Collect and preserve registry files

getraw.sh

Utility to unzip registry files collected via extractreg.sh

networkinfo.sh

Correlate and present registry networking information in a concise manner

systeminfo.sh

Present system information in a clear and connected manner

usbdevices.sh

Present information about previously connected USB devices in a clear and related manner.

userinfo.sh

Present information about users in a clear and related manner


More information and downloads