Autopsy Python File Marker Module

I repeatedly need the file system, registry, event log and prefetch artifacts from endpoints, so I wrote an Autopsy Python module that marks those files as interesting, just to save time digging through the folder hierarchy. The File Marker module can be downloaded from GitHub at:
File Marker Module
Below are the marked files, grouped by artifact type, along with some of my favorite tools for parsing each of them.
Memory: pagefile.sys, hiberfil.sys and MEMORY.DMP
- bulk_extractor
- Volatility
File System: $MFT, $LogFile and $UsnJrnl:$J
- Triforce ANJP Free Edition
Registry: SYSTEM, SECURITY, SOFTWARE, SAM, NTUSER.DAT, UsrClass.dat and Amcache.hve
- Registry Explorer
- RegRipper
Event Logs: *.evtx
- python-evtx
Prefetch: *.pf
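As an added illustration (this is not the author's File Marker module, nor Autopsy project code), here is a minimal Autopsy file ingest module that flags the artifact list above as Interesting Files. The classification logic is plain Python so it can be unit-tested under CPython; the Autopsy/Jython bindings are only imported when Autopsy loads the script. The module name, the set name, and the decision to accept the bare hive names SYSTEM, SECURITY, SOFTWARE and SAM only under Windows\System32\config (and its RegBack subfolder) are my assumptions, not something the post specifies.

```python
"""
Added example: an Autopsy file-ingest module that marks the triage artifacts
listed in the post as Interesting Files.  Independent of the author's File
Marker module.  Jython (Python 2.7) compatible, so no f-strings.
"""
import fnmatch

MODULE_NAME = "Triage File Marker (example)"   # hypothetical module name
SET_NAME = "Triage artifacts"                   # interesting-file set shown in Autopsy

# Artifact categories from the post.  Patterns are matched case-insensitively
# against the file name only; NTFS names are case-insensitive anyway.
TRIAGE_PATTERNS = {
    "Memory":      ["pagefile.sys", "hiberfil.sys", "memory.dmp"],
    "File System": ["$mft", "$logfile", "$usnjrnl:$j"],
    "Registry":    ["system", "security", "software", "sam",
                    "ntuser.dat", "usrclass.dat", "amcache.hve"],
    "Event Logs":  ["*.evtx"],
    "Prefetch":    ["*.pf"],
}

# Assumption: the bare hive names are ordinary words, so only accept them where
# the live hives (or the RegBack copies) sit.  NTUSER.DAT, UsrClass.dat and
# Amcache.hve are distinctive enough to match anywhere, which also catches
# exported copies lying around in user folders.
HIVE_DIRS = ("/windows/system32/config/", "/windows/system32/config/regback/")
BARE_HIVES = set(["system", "security", "software", "sam"])


def classify(name, parent_path=""):
    """Return the artifact category for a file, or None if it is not one we want.

    name:        file name as Autopsy reports it, e.g. "$UsnJrnl:$J" or "SYSTEM"
    parent_path: directory path as Autopsy's getParentPath() gives it,
                 forward slashes with a trailing slash, e.g. "/Windows/Prefetch/"
    """
    lname = name.lower()
    lpath = (parent_path or "").lower().replace("\\", "/")
    if not lpath.endswith("/"):
        lpath += "/"
    for category, patterns in TRIAGE_PATTERNS.items():
        for pat in patterns:
            # fnmatchcase: no OS-dependent case folding; we lower-cased already
            if fnmatch.fnmatchcase(lname, pat):
                if lname in BARE_HIVES and not any(lpath.endswith(d) for d in HIVE_DIRS):
                    continue   # a file called "SYSTEM" outside config/ is not a hive
                return category
    return None


# The Autopsy bindings exist only inside Autopsy's Jython; under CPython the
# import fails and the module degrades to the testable classify() above.
try:
    from org.sleuthkit.autopsy.ingest import IngestModule, FileIngestModuleAdapter, IngestModuleFactoryAdapter
    from org.sleuthkit.datamodel import BlackboardArtifact, BlackboardAttribute
    IN_AUTOPSY = True
except ImportError:
    IN_AUTOPSY = False

if IN_AUTOPSY:
    class TriageMarkerIngestModule(FileIngestModuleAdapter):
        def process(self, file):
            if file.isDir():
                return IngestModule.ProcessResult.OK
            category = classify(file.getName(), file.getParentPath())
            if category is None:
                return IngestModule.ProcessResult.OK
            # Record the hit as an Interesting File so it shows up in the tree;
            # the set name groups the hits, the category says which list matched.
            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
            art.addAttribute(BlackboardAttribute(
                BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, SET_NAME))
            art.addAttribute(BlackboardAttribute(
                BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, category))
            return IngestModule.ProcessResult.OK

    class TriageMarkerIngestModuleFactory(IngestModuleFactoryAdapter):
        def getModuleDisplayName(self):
            return MODULE_NAME

        def getModuleDescription(self):
            return "Flags memory, file system, registry, event log and prefetch artifacts"

        def getModuleVersionNumber(self):
            return "0.1"

        def isFileIngestModuleFactory(self):
            return True

        def createFileIngestModule(self, ingestOptions):
            return TriageMarkerIngestModule()
```

To use it inside Autopsy, drop the file in its own folder under the python_modules directory and enable it in the ingest module list; the hits land under Interesting Items with the set name above. Posting the artifact to the blackboard so the tree refreshes mid-ingest is left out here. Because matching is by name rather than by exact path, a stray copy of NTUSER.DAT or an .evtx export in a user's Downloads folder is flagged too, which is usually what you want during triage.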
Please comment and share additional disk artifacts or tools that you use for triage!
File Marker Output
