Saturday, December 22, 2012

Backtrack Forensics:

The tool can be reached from:

Forensics -> Forensic Analysis Tools

It is a Windows event file (*.evt) parser that generates text CSV output from the event files. Its usage is very simple:

-e - specify a file to parse
-d - specify a directory to parse


./ -e /root/Desktop/events/SysEvent.Evt
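To show what an .evt-to-CSV conversion involves, here is an added example (not the tool's own code) that carves records out of raw .evt bytes by their "LfLe" signature and prints CSV rows. It assumes the documented 56-byte EVENTLOGRECORD layout; the function names, the CSV column names and the sample record are constructed for illustration.

```python
import csv, struct, sys
from datetime import datetime, timezone

MAGIC = b"LfLe"                      # signature DWORD that follows each record's Length
FIXED = struct.Struct("<6I4H6I")     # 56-byte fixed part of EVENTLOGRECORD
COLUMNS = ["record", "generated_utc", "event_id", "type", "source", "computer", "strings"]

def wstr(buf, off):  # NUL-terminated UTF-16LE string -> (text, offset past terminator)
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data):
    """Carve records by signature; Length must cover the fixed part and match its trailing copy."""
    rows, pos = [], data.find(MAGIC)
    while pos != -1:
        start, step = pos - 4, 4
        if start >= 0 and start + FIXED.size <= len(data):
            f = FIXED.unpack_from(data, start)
            end = start + f[0]
            if f[0] >= FIXED.size + 4 and end <= len(data) and data[end - 4:end] == data[start:pos]:
                rec = data[start:end]
                source, off = wstr(rec, FIXED.size)
                computer, _ = wstr(rec, off)
                strings, off = [], f[11]             # f[11] = StringOffset, f[7] = NumStrings
                for _ in range(f[7]):
                    s, off = wstr(rec, off)
                    strings.append(s)
                when = datetime.fromtimestamp(f[3], timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
                rows.append([f[2], when, f[5] & 0xFFFF, f[6], source, computer, "|".join(strings)])
                step = f[0] - 4                      # resume the search after this record
        pos = data.find(MAGIC, pos + step)
    return rows

def sample_record(num, ts, event_id, etype, source, computer, strings):  # constructed test data
    enc = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names, body = enc(source) + enc(computer), b"".join(map(enc, strings))
    str_off = FIXED.size + len(names)
    pad = bytes(-(str_off + len(body)) % 4)          # records are DWORD-aligned
    length = str_off + len(body) + len(pad) + 4
    head = FIXED.pack(length, 0x654C664C, num, ts, ts, event_id, etype, len(strings), 0, 0, 0, str_off, 0, 0, 0, 0)
    return head + names + body + pad + struct.pack("<I", length)

# Constructed input: a 48-byte file-header stub followed by one record (not from a real log).
SAMPLE = (b"\x30\x00\x00\x00LfLe" + bytes(40)
          + sample_record(2, 1356134460, 0x40001B7C, 4, "Service Control Manager", "WS01", ["Print Spooler", "running"]))

if __name__ == "__main__":
    csv.writer(sys.stdout).writerows([COLUMNS] + parse_evt(SAMPLE))
```

Because records are located by signature and validated by their length fields, the file header and truncated trailing records are skipped rather than aborting the run.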

