Falitomal / recovery

Cybersecurity project to collect information from a Windows system

📖 Recovery | 42 Cybersecurity Bootcamp

Gathering information from the Windows platform

⚠️ Summary

The collection of evidence is a fundamental part of conducting a forensic examination. Having clear and organized information makes the forensic examiner's work easier. The objective of this project is to create a program that, given a range of dates, can extract various information from a Windows system in that time range, such as user activity, open programs, browsing history, and different information from the Windows registry.

✏️ Mandatory


A program should be created that, given a time range, can extract information of interest to forensics, for example:
- Registry branch change dates (CurrentVersion\Run).
- Recent files
- Installed programs
- Open programs
- Browsing history
- Connected devices
- Log events

If a time range is not provided, it could take a default value, for example, the last 24 hours, the last week or the last month.

✏️ Bonus

Although the collected information can be displayed on screen in an orderly manner in different sections, you can optionally enhance your project with the following features:
- Create a graphical timeline showing all evidence organized in time and by categories.
- Display the user's directory tree graphically.

## 💡 About the project

🛠️ Usage

Provide the start and end dates in the format "dd/mm/yyyy" when executing the script. For example:

```
python recovery.py --start 01/01/2022 --end 31/12/2022
```

If you do not set any date, the script falls back to a default range of 30 days.
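
The following added example (not code from this repository) shows one way to turn the `--start`/`--end` arguments into a range and filter evidence by it, normalising Windows FILETIME values and Chromium history timestamps to UTC first. The function names, the sample records, and the choice to treat the input dates as UTC are assumptions.

```python
import argparse
from datetime import datetime, timedelta, timezone

DATE_FMT = "%d/%m/%Y"   # dd/mm/yyyy, as in the usage line
DEFAULT_DAYS = 30       # default range stated in this README
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_range(argv, now=None):
    """Return (start, end) in UTC; dates are assumed UTC, end covers its whole day."""
    now = now or datetime.now(timezone.utc)
    ap = argparse.ArgumentParser()
    ap.add_argument("--start")
    ap.add_argument("--end")
    args = ap.parse_args(argv)
    day = lambda s: datetime.strptime(s, DATE_FMT).replace(tzinfo=timezone.utc)
    end = day(args.end) + timedelta(days=1, microseconds=-1) if args.end else now
    start = day(args.start) if args.start else end - timedelta(days=DEFAULT_DAYS)
    if start > end:
        raise ValueError("start date is after end date")
    return start, end

def filetime_to_dt(ticks):
    """FILETIME (registry key last-write time): 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def webkit_to_dt(micros):
    """Chromium history timestamp: microseconds since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=micros)

CONVERTERS = {"filetime": filetime_to_dt, "webkit": webkit_to_dt}

def timeline(records, start, end):
    """Normalise (category, clock, raw, detail) records, keep those in range, sort by time."""
    rows = [(CONVERTERS[clock](raw), cat, detail) for cat, clock, raw, detail in records]
    return sorted(row for row in rows if start <= row[0] <= end)

# Constructed sample records (not real evidence): category, clock, raw value, detail.
SAMPLE = [
    ("registry", "filetime", 132997680000000000, "Run key last write"),
    ("browser", "webkit", 13290597000000000, "https://example.com/"),
    ("registry", "filetime", 132854687990000000, "key written before the range"),
]

if __name__ == "__main__":
    start, end = parse_range(["--start", "01/01/2022", "--end", "31/12/2022"])
    for when, category, detail in timeline(SAMPLE, start, end):
        print(when.isoformat(), category, detail)
```

Converting every source to one UTC clock before filtering is what lets registry, browser and file-system artifacts share a single timeline.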

License:Apache License 2.0


Languages

Language:Python 100.0%