Skip to content
/ evtkit Public

Fix acquired .evt - Windows Event Log files (Forensics)

License

Notifications You must be signed in to change notification settings

yarox24/evtkit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 

Repository files navigation

evtkit

Fix acquired .evt - Windows Event Log files (Forensics)

Requirements

  • Python 2 (not tested on 3)
  • no external dependencies

Usage

Fix in-place 2 files (Make sure you got a copy!):

evtkit.py AppEvent.Evt SysEvent.Evt

Find all *.evt files in evt_dir/, copy them to fixed_copy/ and repair them:

evtkit.py --copy_to_dir=fixed_copy evt_dir

Options

-h, --help                                 show this help message and exit
-c COPY_TO_DIR, --copy_to_dir COPY_TO_DIR
                                           Output directory for fixed .evt files.
-q, --quiet                                Turn off verbosity

About

Fix acquired .evt - Windows Event Log files (Forensics)

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages