Built with the tools and technologies:
RDP-BitmapCache_Parser is a digital forensics tool crafted to parse and reconstruct image data from bitmap cache files generated during Remote Desktop Protocol (RDP) sessions. These cache files often contain partial screenshots or graphical artifacts of previously viewed content during a remote session.
This tool is especially useful in forensic investigations, where recovered bitmap cache fragments can provide visual evidence of user activity on a remote system—even if the session data or logs have been deleted.
Ensure you have the following:
- Python 3.10 <
- Clone the repository:
git clone https://github.com/sujayadkesar/RDP-BitmapCache_Parser.git cd RDP-BitmapCache_Parser```
⚙️ Usage Run the parser using:
python RDP-BitmapCache_ParserA GUI will appear allowing you to load, parse, and visualize bitmap cache files with ease.