This is a script developed in python to extract forensic artefacts from a file/memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code/data/strings.
It can extract filenames, registry keys, urls, e-mail addresses, IPs, etc.
The data is logged to different text files, one for each category.
Here you can find the code on github.