Inspiration && What it does

Our project idea focuses on Windows forensic artifacts: an application that reads the registry and extracts pertinent information such as details relating to the operating system configuration, user activity, and software usage. For example, using the Forensic Toolkit (FTK), you have to perform 5 steps to get the information, and then you must do another 5 steps in an additional application to view it. The program would do this automatically over all the pieces of evidence the investigator wants. This project would scale the process up and save the examiner's time.

How I built it

Using FTK Imager, we created an image of a Windows machine. Then, we fed that into a Python script to compile registry artifacts.
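A first check such a script can run on each hive file exported from the image, shown as an added example that is not the project's own code: it parses the `regf` base block, verifies the header checksum, and flags a hive whose sequence numbers disagree. It uses only the Python 3 standard library; the function names and the sample header are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Offsets 0x00-0x2B of the regf base block: signature, primary/secondary
# sequence numbers, last-written FILETIME, major/minor version, file type,
# file format, root cell offset, hive bins data size.
HEADER = struct.Struct("<4sIIQIIIIII")

def xor32(block):
    """XOR of the first 127 little-endian dwords; the hive stores it at 0x1FC."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)

def parse_base_block(block):
    """Validate a hive header and return the fields an examiner triages on."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a registry hive base block")
    _, seq1, seq2, ft, major, minor, _, _, root, size = HEADER.unpack_from(block)
    (stored,) = struct.unpack_from("<I", block, 0x1FC)
    name = block[0x30:0x70].decode("utf-16-le", "replace").split("\x00")[0]
    return {
        "name": name,
        "version": f"{major}.{minor}",
        "last_written": datetime(1601, 1, 1, tzinfo=timezone.utc)
                        + timedelta(microseconds=ft // 10),
        "root_cell_offset": root,
        "hive_bins_size": size,
        "checksum_ok": stored == xor32(block),
        # Mismatched sequence numbers mean the last write did not complete;
        # the transaction logs are needed for a consistent view.
        "dirty": seq1 != seq2,
    }

def build_sample(seq1=7, seq2=7):
    """Constructed 512-byte header for the demo (not from a real image)."""
    block = bytearray(512)
    HEADER.pack_into(block, 0, b"regf", seq1, seq2, 132223104000000000,
                     1, 5, 0, 1, 0x20, 0x1000)
    block[0x30:0x40] = "SOFTWARE".encode("utf-16-le")
    struct.pack_into("<I", block, 0x1FC, xor32(block))
    return bytes(block)

if __name__ == "__main__":
    for label, blk in (("clean", build_sample()), ("dirty", build_sample(8, 7))):
        print(label, parse_base_block(blk))
```

On real evidence, pass the first 512 bytes of each exported hive file to `parse_base_block` and record the result alongside the extracted artifacts.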

Challenges I ran into

Imaging computers takes a very long time, and you need to have a large flash drive. Python 3.7 has some library issues; therefore, we had to switch back to Python 2.7.

Accomplishments that I'm proud of

Barely making a demo in time

What I learned

Projects are a lot more complicated than they seem, kinda like High School Physics vs College Physics.

What's next for Automated Compilation of Windows Registry Artifacts

That is top-secret of course....shhhh
