Forensics Artifact Extractor & Parser is an intelligent and completely automated digital forensics tool designed to extract and parse artifacts from forensic disk images, especially E01 files. Just load the image and let the tool do everything: extract, process, and generate parsed outputs using industry-standard tools — all in one click.

It’s built for DFIR professionals, forensic analysts, and cybersecurity researchers who want speed, reliability, and automation while investigating E01 images.

• 📂 Full Artifact Extraction from .E01 images
• 🧰 Built-in Integration with top tools:
  • RegRipper
  • AmcacheParser
  • Hindsight
  • EvtxECmd
  • MFTECmd
  • and many more...
• 📜 Auto-parsing of:
  • NTUSER.DAT, SAM, SYSTEM, SOFTWARE
  • Amcache.hve, SRUDB.dat, Prefetch
  • Event Logs, Web History, etc.
• 🖥️ Clean GUI (or CLI optional)
• 🧾 Consolidated and human-readable output
• 📁 Saves parsed output with proper timestamped folders
• ⏱️ Minimal manual intervention

Figure 1: Dashboard

Figure 2: Disk Partitions

Figure 3: Processing of image

• Python 3.10+
• pip
• Windows OS (Recommended for tool compatibility)
• Admin permissions
• Postgres DB

1. Option A

git clone https://github.com/sujayadkesar/FAEP.git
cd FAEP
pip install -r requirements.txt
python FAEP_GUI.py

2. Option B (recommended) Direct installer (exe)

Then, follow the GUI prompts to:

1. Load .E01 file
2. Choose Output Directory
3. Hit Process All
4. Parsed results will be saved in ParsedArtifacts/YYYY-MM-DD_HH-MM/

You can also run in headless mode for batch automation. (Docs coming soon)

PRs and suggestions are welcome! Please fork the repository and open an issue or submit a pull request.

• Akhil Dara
• Jnana Ramakrishna
• Eric Zimmerman Tools
• Hindsight by Ryan Benson
• RegRipper by Harlan Carvey

digital forensics, E01 parser, amcache parser, registry parser, forensic automation tool, DFIR, hindsight automation, SRUM parser, artifact extractor, python forensic tool, AutoForenParse, Forensic artifacts parser