WinOSparser

Parser for Windows registry that supports current and old installations/upgrades. This could be helpful in digital forensics and investigations. I considered this beta I've tested this on 10+ installations without a problem.

Current operating system information is located in SOFTWARE\Microsoft\Windows NT\CurrentVersion
The old installations are located SYSTEM\Setup\Source OS (Updated on xx/xx/xxxx xx:xx:xx)

Usage

Coded in Python3.
WinOSparser.py SYSTEM SOFTWARE
or
python3 WinOSparser.py SYSTEM SOFTWARE

Installation

Prerequisites
Python3
Windows Registry python library from Willi Ballenthin (included)
Install
git clone https://github.com/dfirdoctor/WinOSparser.git
https://github.com/dfirdoctor/WinOSparser/archive/master.zip

Screenshots

Credits

Willi Ballenthin (Windows Registry library)
Glenn P. Edwards Jr (reused code)

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
Registry		Registry
__pycache__		__pycache__
dist		dist
image		image
README.md		README.md
WinOSparser.py		WinOSparser.py
setup.py		setup.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Registry

Registry

pycache

pycache

dist

dist

image

image

README.md

README.md

WinOSparser.py

WinOSparser.py

setup.py

setup.py

Repository files navigation

WinOSparser

Usage

Installation

Screenshots

Credits

About

Releases

Packages

Languages

dfirdoctor/WinOSparser

Folders and files

Latest commit

History

Repository files navigation

WinOSparser

Usage

Installation

Screenshots

Credits

About

Resources

Stars

Watchers

Forks

Languages