Some useful scripts for extraction and correlation of forensic artifacts in Windows Registry
Some interesting scripts, probably outdated but still useful.
In 2012, Jacky Fox focused her MSc dissertation on the extraction and correlation of Windows registry artifacts.
During her research she created a set of bash scripts for the forensic interpretation of Windows registry keys, including UserAssist and the keys related to USB devices.
A useful starting point for anyone who wants to develop their own analysis scripts.
Below is a brief overview:
extractreg.sh
Collect and preserve registry files
getraw.sh
Utility to unzip registry files collected via extractreg.sh
networkinfo.sh
Correlate and present registry networking information in a concise manner
systeminfo.sh
Present system information in a clear and connected manner
usbdevices.sh
Present information about previously connected USB devices in a clear and related manner.
userinfo.sh
Present information about users in a clear and related manner