Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/yarox24/evtkit
Fix acquired .evt - Windows Event Log files (Forensics)
- Host: GitHub
- URL: https://github.com/yarox24/evtkit
- Owner: yarox24
- License: mit
- Created: 2016-03-22T21:19:12.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2016-03-29T20:09:29.000Z (almost 9 years ago)
- Last Synced: 2024-08-03T22:04:43.666Z (6 months ago)
- Language: Python
- Size: 7.81 KB
- Stars: 18
- Watchers: 4
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-anti-forensic - evtkit - Windows Event Log files (Forensics) [windows] (Tools / Policies / Logging (Event) / Monitoring)
README
# evtkit
Fix acquired .evt - Windows Event Log files (Forensics)

## Requirements
- Python 2 (not tested on 3)
- no external dependencies

## Usage
Fix two files in place (make sure you have a copy first, since the originals are overwritten):
```
evtkit.py AppEvent.Evt SysEvent.Evt
```
Find all *.evt files in evt_dir/, copy them to fixed_copy/ and repair the copies (the originals are left untouched):
```
evtkit.py --copy_to_dir=fixed_copy evt_dir
```

## Options
```
-h, --help show this help message and exit
-c COPY_TO_DIR, --copy_to_dir COPY_TO_DIR
Output directory for fixed .evt files.
-q, --quiet Turn off verbosity
```