arnab-glitch/Registry-Analysis-and-Reporting-Engine


RegEx Analysis & Reporting Engine (v1.0)

Python-Based DFIR Report Generator • Neon Forensic UI Theme • Built by Arnab Das




🔗 Related Project

Need the acquisition tool to collect Windows registry artifacts?


This is the companion evidence collection tool required before running the analysis engine.


🔍 Overview

RegEx-Analysis is the companion project to the RegEx Portable Registry Acquisition Tool.
This engine takes the collected forensic artifacts, parses the metadata, and automatically generates an interactive neon-themed HTML forensic report.

✔ No installation required
✔ Works on any PC (Windows, Linux, macOS)
✔ Uses only Python + Jinja2
✔ Fully portable for DFIR workflows



🧬 Key Features

  • 🟦 Generates a full interactive HTML forensic report (dark neon theme)
  • 🟩 Parses manifest.json, usb_history.csv, regex_log.txt
  • 🟣 Displays registry hives, hashes, artifacts, and extraction status
  • 🟧 USB device history reconstruction (USBSTOR metadata)
  • 🔵 Searchable + scrollable Evidence Table
  • 🔴 OK/FAIL status badges
  • 🟡 Automatic folder detection (no hard-coded paths)


📁 Repository Structure

RegEx-Analysis/
│
├── generate_report.py
├── README.md
├── LICENSE
│
├── templates/
│   ├── report_template.html
│   ├── report_style.css
│   └── regex_logo.png
│
│
├── evidence/
│   └── .gitignore
│
├── output/
│   └── RegEx_Report.html   (auto-generated)
│
└── docs/
    ├── overview.md
    ├── workflow.md
    └── requirements.md
    
    


⚙️ Installation & Requirements

Install dependencies:

pip install jinja2

Or use:

pip install -r requirements.txt

Requirements:

✔ Python 3.8+
✔ Works offline
✔ No admin rights needed



🚀 How to Use

  1. Place your RegEx evidence folder under:
     RegEx-Analysis/evidence/XX-XXXX-001/
  2. Run the report generator:
     python generate_report.py
  3. Your final interactive report is generated at:
     RegEx-Analysis/output/RegEx_Report.html
  4. Open the HTML file in any browser.


🎨 HTML Report Features

The report contains:

🟦 Overview Tab

  • Case ID
  • Operator
  • Acquisition mode
  • Total evidence
  • Manifest hash
  • Key summary

🟩 USB Artifacts

Lists:

  • Device paths
  • Serial numbers
  • Models
  • Connection events

🟨 Evidence Table

  • Searchable filter
  • OK/FAIL badges
  • SHA256 hashes
  • Source categories

🟥 Log Output

  • Full acquisition logs
  • Time-stamped errors
  • VSS fallback notes
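
The Evidence Table pairs each artifact with a SHA256 hash and an OK/FAIL badge. The sketch below is an added example, not code from this repository: it shows one way to derive that status by re-hashing every file listed in manifest.json. The manifest schema (`files` entries with `path` and `sha256`), the sample file names and both function names are assumptions, and the sample case folder is constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large hives are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_manifest(case_dir):
    """Return one row per manifest entry with an OK/FAIL status and reason."""
    case_dir = Path(case_dir).resolve()
    # Assumed schema: {"files": [{"path": "<relative>", "sha256": "<hex>"}]}
    manifest = json.loads((case_dir / "manifest.json").read_text(encoding="utf-8"))
    rows = []
    for entry in manifest.get("files", []):
        rel, expected = entry.get("path", ""), entry.get("sha256", "").lower()
        target = (case_dir / rel).resolve()
        if case_dir not in target.parents:
            status, reason = "FAIL", "path escapes case folder"
        elif not target.is_file():
            status, reason = "FAIL", "file missing"
        elif sha256_file(target) != expected:
            status, reason = "FAIL", "hash mismatch"
        else:
            status, reason = "OK", ""
        rows.append({"path": rel, "status": status, "reason": reason})
    return rows

def build_sample_case(root):
    """Constructed sample evidence folder (not real case data)."""
    case = Path(root) / "XX-XXXX-001"
    case.mkdir()
    (case / "SYSTEM.hiv").write_bytes(b"constructed hive bytes")
    (case / "usb_history.csv").write_text("serial,model\n", encoding="utf-8")
    good = hashlib.sha256(b"constructed hive bytes").hexdigest()
    files = [{"path": "SYSTEM.hiv", "sha256": good},
             {"path": "usb_history.csv", "sha256": "0" * 64},  # hash will not match
             {"path": "SOFTWARE.hiv", "sha256": good},         # listed, never written
             {"path": "../outside.txt", "sha256": good}]       # outside the case folder
    (case / "manifest.json").write_text(json.dumps({"files": files}), encoding="utf-8")
    return case

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*verify_manifest(build_sample_case(tmp)), sep="\n")
```

Treating the manifest as untrusted input is why a path that resolves outside the case folder is rejected before anything is hashed.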


🧪 Example Output

See the /output/ folder for sample reports.


🧑‍💻 Author

Arnab Das
Master’s Student — Cyber Forensics
National Forensic Sciences University



📄 License

This project is licensed under the MIT License.
Feel free to fork, modify, and contribute.



⚡ Part of the RegEx Forensic Analysis Suite • Built for DFIR • Made with ❤️ & Python ⚡

About

Generates interactive forensic reports from RegEx-acquired evidence, including registry hives, USB artifacts, Prefetch metadata, and acquisition logs. Uses Python + Jinja2 for automated Windows forensics reporting.
