ArtifactExtractor
ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs.
Before extraction, each artifact in a VSC is checked (via hash) to see whether it differs from the copy in a later VSC or in the image.
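The hash comparison described above, sketched as an added example (not ArtifactExtractor's own code). SHA-256, the function names and the constructed sample sources are assumptions; the README does not state which hash is used or how a copy missing from a later snapshot is handled.

```python
import hashlib
import io

def stream_digest(fobj, chunk_size=1 << 20):
    """SHA-256 of a file-like object, read in chunks so large hives/logs stay out of memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def select_for_extraction(sources):
    """sources: [(label, {artifact_path: opener})], oldest VSC first, image last.
    Returns (label, path) pairs whose content differs from the nearest later copy."""
    later = {}      # path -> digest of the nearest later copy seen so far
    selected = []
    for position, (label, artifacts) in enumerate(reversed(sources)):
        for path, opener in artifacts.items():
            with opener() as fobj:
                digest = stream_digest(fobj)
            # The image (position 0) is always extracted; a VSC copy only if the
            # path is absent later or its hash differs from the later copy.
            if position == 0 or later.get(path) != digest:
                selected.append((label, path))
            later[path] = digest
    return selected

def opener_for(data):
    """Hypothetical stand-in for opening an artifact inside a mounted image or VSC."""
    return lambda: io.BytesIO(data)

SYSTEM = "Windows/System32/config/SYSTEM"
NTUSER = "Users/a/NTUSER.DAT"
PREFETCH = "Windows/Prefetch/TOOL.EXE-00000000.pf"

# Constructed sample: two shadow copies and the live image.
SAMPLE_SOURCES = [
    ("vsc1", {SYSTEM: opener_for(b"hive-v1"), NTUSER: opener_for(b"nt-v1"),
              PREFETCH: opener_for(b"pf-v1")}),   # later deleted from the volume
    ("vsc2", {SYSTEM: opener_for(b"hive-v1"), NTUSER: opener_for(b"nt-v2")}),
    ("image", {SYSTEM: opener_for(b"hive-v2"), NTUSER: opener_for(b"nt-v2")}),
]

if __name__ == "__main__":
    for label, path in select_for_extraction(SAMPLE_SOURCES):
        print(label, path)
```

In the sample, the prefetch file exists only in the oldest shadow copy, so it is still selected even though the image no longer contains it.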
Dependencies
None if using release executable on Windows.
Else:
- Install backports.lzma
- Windows: Use latest wheel file available from here
- Linux: Use a package manager, e.g.
sudo apt install liblzma-dev
- Install libewf
- Install libewf-legacy rather than libewf (experimental); newer experimental releases have a file corruption issue.
- Windows: Use the MSI installer available from here
- Linux: Use libewf-legacy build 20140806
- (Windows ONLY) Install pywin32:
pip install pywin32
- Install remaining requirements: use requirements.txt
- Use pip:
pip install -r requirements.txt
Usage
- Create destination directory
artifact_extractor.exe <source image> <dest dir> [-a <selected artifacts>]
or, for more options:
artifact_extractor.exe -h
Credits
Joachim Metz and his libraries
John Corcoran for Unix Compatibility