Skip to content
/ PCAParser Public

A python script that parses and converts the .txt files from C:\Windows\appcompat\pca (Windows 11) to CSV files

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bolisettynihith/PCAParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
img
img
 
 
LICENSE
LICENSE
 
 
PCAParser.py
PCAParser.py
 
 
README.md
README.md
 
 

Repository files navigation

PCAParser

A Python script that parses and converts the .txt files from C:\Windows\appcompat\pca (Windows 11 22H2) to CSV files

Dependencies

These are the required libraries needed to run this script.

  • argparse
  • csv
  • os
  • datetime

Usage

This is a CLI based tool.

$ python PCAParser.py -i C:\Windows\appcompat\pca

Usage

To view help:

$ python PCAParser.py -h

help

References

Code Inspiration

Fyi, If you are in SOC/MDR, Andrew Rathbun's PowerShell script can be used to run directly on a remote Windows using the Remote execution capabilities provided by the EDR/XDR.

This script is prepared with my customizations, to help me during analysis of this artifact in investigations.

About

A python script that parses and converts the .txt files from C:\Windows\appcompat\pca (Windows 11) to CSV files

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages