forked from sujayadkesar/FAEP

FAEP is an automated tool to extract and parse forensic artifacts from .E01 images automatically, with a clean GUI and minimal manual effort.


ph1nx/FAEP

 
 


🔍 Forensics Artifact Extractor & Parser

End-to-End Automated Forensic Artifact Extractor and Parser for E01 Images


🧠 What is FAEP?

Forensics Artifact Extractor & Parser is an intelligent and completely automated digital forensics tool designed to extract and parse artifacts from forensic disk images, especially E01 files. Just load the image and let the tool do everything: extract, process, and generate parsed outputs using industry-standard tools — all in one click.

It’s built for DFIR professionals, forensic analysts, and cybersecurity researchers who want speed, reliability, and automation while investigating E01 images.


🚀 Features

  • 📂 Full Artifact Extraction from .E01 images
  • 🧰 Built-in Integration with top tools:
    • RegRipper
    • AmcacheParser
    • Hindsight
    • EvtxECmd
    • MFTECmd
    • and many more...
  • 📜 Auto-parsing of:
    • NTUSER.DAT, SAM, SYSTEM, SOFTWARE
    • Amcache.hve, SRUDB.dat, Prefetch
    • Event Logs, Web History, etc.
  • 🖥️ Clean GUI (CLI optional)
  • 🧾 Consolidated and human-readable output
  • 📁 Saves parsed output with proper timestamped folders
  • ⏱️ Minimal manual intervention

🧩 Supported Artifacts

| Artifact Type | Tool Used |
|---|---|
| Registry Hives | RegRipper |
| Web Artifacts | Hindsight |
| App Execution | AmcacheParser |
| User Activity | SRUM Parser |
| Prefetch Files | PECmd |
| Event Logs | EvtxECmd |
| MFT / USN Journal | MFTECmd / UsnJrnlParser |
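
The artifact-to-tool mapping above, written as a triage step (an added example, not FAEP's own code): it walks a volume that has already been extracted from the image, groups the artifacts by the parser named in the table, and lists the rules that found nothing. The path patterns are the Windows default locations; they, `plan_parsing`, `ARTIFACT_RULES` and the sample tree are assumptions of this example, and web artifacts and the USN journal are left out.

```python
import fnmatch
import tempfile
from pathlib import Path

# Default Windows paths (volume-relative) per parser: assumptions, not FAEP config.
ARTIFACT_RULES = [
    ("Windows/System32/config/SAM", "RegRipper"),
    ("Windows/System32/config/SYSTEM", "RegRipper"),
    ("Windows/System32/config/SOFTWARE", "RegRipper"),
    ("Users/*/NTUSER.DAT", "RegRipper"),
    ("Windows/AppCompat/Programs/Amcache.hve", "AmcacheParser"),
    ("Windows/System32/sru/SRUDB.dat", "SRUM Parser"),
    ("Windows/Prefetch/*.pf", "PECmd"),
    ("Windows/System32/winevt/Logs/*.evtx", "EvtxECmd"),
    ("$MFT", "MFTECmd"),
]
# Constructed sample tree (empty stand-in files); the Documents copy is a decoy.
SAMPLE_FILES = ["Windows/System32/config/sam", "Users/alice/NTUSER.DAT",
                "Users/alice/Documents/NTUSER.DAT", "$MFT",
                "Windows/Prefetch/CMD.EXE-1A2B3C4D.pf"]

def _matches(rel, pattern):
    # Match per segment so "*" never crosses a directory; NTFS ignores case.
    parts, pats = rel.lower().split("/"), pattern.lower().split("/")
    return len(parts) == len(pats) and all(map(fnmatch.fnmatchcase, parts, pats))

def plan_parsing(volume_root):
    """Return ({tool: [paths]}, [patterns with no hit]) for an extracted volume."""
    plan, hit = {}, set()
    root = Path(volume_root)
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        for pattern, tool in ARTIFACT_RULES:
            if _matches(rel, pattern):
                plan.setdefault(tool, []).append(rel)
                hit.add(pattern)
                break
    missing = [p for p, _ in ARTIFACT_RULES if p not in hit]
    return {t: sorted(v) for t, v in plan.items()}, missing

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_FILES:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        return plan_parsing(root)

if __name__ == "__main__":
    print(demo())
```

A pattern in the second return value means the artifact was not at its default location on that volume, which is worth recording in case notes before parsing starts.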

📸 Screenshots


Figure 1: Dashboard


Figure 2: Disk Partitions


Figure 3: Processing of image


🛠️ Installation

🔹 Prerequisites

  • Python 3.10+
  • pip
  • Windows OS (Recommended for tool compatibility)
  • Admin permissions
  • Postgres DB

🔹 Clone and Setup

  1. Option A

     git clone https://github.com/sujayadkesar/FAEP.git
     cd FAEP
     pip install -r requirements.txt
     python FAEP_GUI.py

  2. Option B (recommended): Direct installer (exe)

Then, follow the GUI prompts to:

  1. Load .E01 file
  2. Choose Output Directory
  3. Hit Process All
  4. Parsed results will be saved in ParsedArtifacts/YYYY-MM-DD_HH-MM/

You can also run in headless mode for batch automation. (Docs coming soon)


🤝 Contributing

PRs and suggestions are welcome! Please fork the repository and open an issue or submit a pull request.


📜 License

MIT License. See LICENSE file for more details.

🙌 Acknowledgments


digital forensics, E01 parser, amcache parser, registry parser, forensic automation tool, DFIR, hindsight automation, SRUM parser, artifact extractor, python forensic tool, AutoForenParse, Forensic artifacts parser

Languages

  • Perl 69.4%
  • Python 28.6%
  • Smarty 1.4%
  • CSS 0.3%
  • Raku 0.2%
  • YARA 0.1%