{"id":13791303,"url":"https://github.com/williballenthin/LfLe","last_synced_at":"2025-05-12T10:31:29.168Z","repository":{"id":4566984,"uuid":"5708301","full_name":"williballenthin/LfLe","owner":"williballenthin","description":"Recover event log entries from an image by heuristically looking for record structures.","archived":false,"fork":false,"pushed_at":"2015-10-09T17:31:14.000Z","size":203,"stargazers_count":27,"open_issues_count":1,"forks_count":13,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-05-11T08:56:19.528Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/williballenthin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-09-06T20:46:20.000Z","updated_at":"2024-09-23T04:01:30.000Z","dependencies_parsed_at":"2022-09-07T20:22:33.999Z","dependency_job_id":null,"html_url":"https://github.com/williballenthin/LfLe","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/williballenthin%2FLfLe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/williballenthin%2FLfLe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/williballenthin%2FLfLe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/williballenthin%2FLfLe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/williballenthin","download_url":"https://codeload.github.com/williballenthin/LfLe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253719931,"owners_count":21952921,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T22:00:58.492Z","updated_at":"2025-05-12T10:31:28.867Z","avatar_url":"https://github.com/williballenthin.png","language":"Python","funding_links":[],"categories":["Tools"],"sub_categories":["Policies / Logging (Event) / Monitoring"],"readme":"LfLe\n====\n\nRecover event log entries from an image by heuristically looking for record structures.\n\nDependencies\n------------\n  - argparse (http://pypi.python.org/pypi/argparse available via easy_install/pip)\n\nUsage\n-----\nUse this tool to extract event log messages from an image file by looking for things\nthat appear to be records.  Then, feed the resulting file into an event log viewer,\nsuch as Event Log Explorer (http://www.eventlogxp.com/, use \"direct\" mode when opening).\n\n\n    usage: lfle.py [-h] [-v] [-s] input_path output_path\n    \n    Recover event log entries from an image by heurisitically looking for record\n    structures.\n    \n    positional arguments:\n      input_path   Path to a raw (dd) image file.\n      output_path  Path to write output file that contains recovered event log\n                   entries.\n    \n    optional arguments:\n      -h, --help   show this help message and exit\n      -v           Print debugging messages during scanning.\n      -s           Disable status messages (percent complete) during scanning.\n\nSample Output\n-------------\n    evt/LfLe - [master●] » python lfle.py \"/media/truecrypt2/VM/Windows XP Professional - Service Pack 3 - TEMPLATE/Windows XP Professional - Service Pack 3-cl1.vmdk\" recovered.evt\n    100% complete% done\n    Wrote 5413 records\n    Skipped 48 records with length greater than 0x10000\n    Skipped 12 records with length less than 0x30\n    Skipped 14 records with invalid structure\n    Skipped 1 records with invalid content\n\nLimitations\n-----------\nThis tool supports only EVT/WinXP style event log messages.  It does not support recovering\nEVTX/Win7 style event log messages.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwilliballenthin%2FLfLe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwilliballenthin%2FLfLe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwilliballenthin%2FLfLe/lists"}