sysprofiler - Windows disk image profiling

Sysprofiler is a Bash script that uses a combination of existing tools and manual processing to extract artifacts from Windows disk images and output them into either a tab-separated values (TSV) file, which can be opened as a spreadsheet, or a plaintext (TXT) file, which can be opened in word-processing software and edited directly into a report. All of the tools sysprofiler uses, in the way the script uses them, run natively on Linux. This means that sysprofiler will run on a Linux system or under WSL on Windows; it is not locked into one specific platform.

Many existing tools are used by this script, including:

  • TSK
  • RegRipper
  • Parse::Win32Registry
  • pwdump
  • pylnker

Some of the current modules are:

osinfo – extract OS information:

  • Volume Name
  • Volume Serial Number
  • Filesystem
  • Size(bytes)
  • Windows Version
  • Service Pack
  • Owner
  • Organisation
  • Install Date
  • Hostname
  • Timezone
  • Timezone Offset

users – list user accounts on the system:

  • Username
  • SID
  • Full Name
  • Comment
  • Account Created
  • Last Login
  • Login Count
  • Password Set
  • Password Last Reset
  • Last Incorrect Password Entry
  • Password Hint
  • Flags
  • Groups

apps – lists apps installed on the system for all users (from Installer and Uninstall Registry keys):

  • Registry Key
  • User SID
  • Application
  • Version
  • Company
  • Install Date

You can read more and download the disk image
