![\"\"](\"http:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/faextr_win_run-300x114.png\")
<\/p>\nThis is a script developed in python to extract forensic artefacts from a file\/memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code\/data\/strings.
\nIt can extract filenames, registry keys, urls, e-mail addresses, IPs, etc.<\/p>\n
<\/p>\n
The data is logged to different text files, one for each category. This is a script developed in python to extract forensic artefacts from a file\/memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code\/data\/strings. It can extract filenames, registry keys, urls, e-mail addresses, IPs, etc. The data is logged to different text files, one for each category. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[14,13,6],"class_list":["post-52","post","type-post","status-publish","format-standard","hentry","category-security","tag-artefacts","tag-forensics","tag-tool"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":" This is a script developed in python to extract forensic artefacts from a file\/memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code\/data\/strings. It can extract filenames, registry keys, urls, e-mail addresses, IPs, etc. The data is logged to different text files, one for each category. Here\u00a0you can find the code on github.<\/p>\n","category_list_v2":"Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=52"}],"version-history":[{"count":2,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/52\/revisions"}],"predecessor-version":[{"id":56,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/52\/revisions\/56"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=52"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=52"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nHere<\/strong><\/a>\u00a0you can find the code on github.<\/p>\n","protected":false},"excerpt":{"rendered":"