sysprofiler - Windows disk image profiling


Sysprofiler is a Bash script that combines existing tools with manual processing to extract forensic artifacts from Windows disk images and write them out either as a Tab Separated (TSV) file, which can be opened as a spreadsheet, or as a plaintext (TXT) file that can be opened in word processing software and edited directly into a report. All of the tools sysprofiler relies on run natively on Linux in the way the script uses them, so sysprofiler runs on a Linux system or under WSL on Windows; it is not locked to one platform.

Many existing tools are used by this script, including:

  • TSK (www.sleuthkit.org)
  • RegRipper (https://github.com/keydet89/RegRipper2.8)
  • Parse::Win32Registry (http://search.cpan.org/~jmacfarla/Parse-Win32Registry-1.0/lib/Parse/Win32Registry.pm)
  • pwdump (https://github.com/moyix/creddump)
  • pylnker (https://github.com/HarmJ0y/pylnker)
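To show the shape of a sysprofiler-style module (TSK to pull a hive out of the image, RegRipper to parse it, then a TSV-or-TXT output stage), here is an added illustration in POSIX shell. It is not sysprofiler's own code. The `fls`/`icat` commands are real TSK tools but that function needs TSK and a real image, so it is not exercised by the self-contained part; the osinfo sample below is constructed "Key: Value" text standing in for what a module collects, and the `render`/`to_tsv`/`to_txt` names are this example's own.

```shell
#!/bin/sh
# Added example, not sysprofiler's code. Illustrates one module's pipeline:
# extract a file with TSK, then render collected "Key: Value" lines as TSV or TXT.

# Pull one file (e.g. a registry hive) out of a raw image with TSK.
# Requires TSK on PATH and a real image; not run by the self-test below.
#   $1 = image, $2 = partition start sector (from mmls),
#   $3 = path inside the filesystem, $4 = output file
extract_file() {
  img=$1; off=$2; path=$3; out=$4
  # "fls -r -p" lists every file with its full path; the second field is the
  # metadata address icat needs, e.g. "1234-128-1:".
  addr=$(fls -o "$off" -r -p "$img" | grep -i "[[:space:]]$path\$" \
         | awk '{print $2}' | sed 's/:$//' | head -n 1)
  [ -n "$addr" ] || { echo "not found in image: $path" >&2; return 1; }
  icat -o "$off" "$img" "$addr" > "$out"
  # A RegRipper call such as  rip.pl -r "$out" -p winver  would then parse it.
}

# Constructed sample of what an osinfo module collects (not real rip.pl output).
SAMPLE_OSINFO='Windows Version: Windows 7 Professional
Service Pack: Service Pack 1
Owner: Example User
Organisation: Example Org
Install Date: 2011-03-15 10:22:01
Hostname: WORKSTATION-01'

# TSV: one tab-separated header row and one value row (opens as a spreadsheet).
# Split on the first ": " only, so values that contain ":" (timestamps) survive.
to_tsv() {
  printf '%s\n' "$1" | awk '
    { i = index($0, ": "); k = substr($0, 1, i - 1); v = substr($0, i + 2)
      h = (NR > 1 ? h "\t" : "") k; r = (NR > 1 ? r "\t" : "") v }
    END { print h; print r }'
}

# TXT: aligned "Key: Value" lines ready to paste into a report.
to_txt() {
  printf '%s\n' "$1" | awk '
    { i = index($0, ": "); k = substr($0, 1, i - 1); v = substr($0, i + 2)
      printf "%-18s %s\n", k ":", v }'
}

# Dispatcher mirroring an output-format switch. $1 = tsv|txt, $2 = module text.
render() {
  case "$1" in
    tsv) to_tsv "$2" ;;
    txt) to_txt "$2" ;;
    *)   echo "unknown output format: $1" >&2; return 2 ;;
  esac
}

render tsv "$SAMPLE_OSINFO"
render txt "$SAMPLE_OSINFO"
```

Splitting on the first `": "` rather than every colon is the detail worth copying: an install timestamp such as `10:22:01` would otherwise be chopped into extra columns and silently misalign the spreadsheet.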

Some of the current modules are listed below. osinfo – extracts OS information:

  • Volume Name
  • Volume Serial Number
  • Filesystem
  • Size(bytes)
  • Windows Version
  • Service Pack
  • Owner
  • Organisation
  • Install Date
  • Hostname
  • Timezone
  • Timezone Offset

users – list user accounts on the system:

  • Username
  • SID
  • Full Name
  • Comment
  • Account Created
  • Last Login
  • Login Count
  • Password Set
  • Password Last Reset
  • Last Incorrect Password Entry
  • Password Hint
  • Flags
  • Groups

apps – lists apps installed on the system for all users (from Installer and Uninstall Registry keys):

  • Registry Key
  • User SID
  • Application
  • Version
  • Company
  • Install Date

You can read more and download the disk image at https://github.com/khyrenz/
