The tool can be reached from:
Forensics -> Forensic Analysis Tools
evtparse.pl is a Windows event log file (*.evt) parser; it generates text CSV output from the event files. Its usage is very simple:
-e - specify a file to parse
-d - specify a directory to parse
Example:
./evtparse.pl -e /root/Desktop/events/SysEvent.Evt
Webpage: http://code.google.com/p/revealertoolkit/source/browse/trunk/tools/?r=90
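As an added illustration (not code from the post or from the RVT project), here is a minimal Python carver for the legacy .evt format that evtparse.pl reads: it locates EVENTLOGRECORD structures by their "LfLe" magic, validates each one by its trailing length, and yields CSV-ready rows. The field layout is the documented EVENTLOGRECORD structure; the sample log, event IDs and names are constructed for the test.

```python
import struct
from datetime import datetime, timezone
# Fixed 56-byte EVENTLOGRECORD fields: Length, "LfLe", RecordNumber, TimeGenerated, TimeWritten, EventID,
# EventType, NumStrings, EventCategory, ReservedFlags, ClosingRecordNumber, StringOffset, UserSidLength, ...
REC = struct.Struct("<IIIIIIHHHHIIIIII")
MAGIC = 0x654C664C  # b"LfLe" read as a little-endian DWORD
TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Audit Success", 16: "Audit Failure"}

def utf16z(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, offset just past the terminator)."""
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le", "replace"), end + 2

def carve_records(data):
    """Carve on the LfLe magic so wrapped or partly corrupt logs still yield intact records."""
    pos = data.find(b"LfLe")
    while pos != -1:
        start = pos - 4
        if start >= 0 and start + REC.size <= len(data):
            f = REC.unpack_from(data, start)
            length = f[0]  # an intact record repeats Length as its final DWORD; the 48-byte header fails this
            if REC.size < length <= len(data) - start and \
                    struct.unpack_from("<I", data, start + length - 4)[0] == length:
                rec = data[start:start + length]
                source, off = utf16z(rec, REC.size)
                computer, _ = utf16z(rec, off)
                strings, soff = [], f[11]
                for _ in range(f[7]):
                    s, soff = utf16z(rec, soff)
                    strings.append(s)
                yield {"record": f[2], "type": TYPES.get(f[6], str(f[6])), "source": source,
                       "time_generated": datetime.fromtimestamp(f[3], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
                       "event_id": f[5] & 0xFFFF,  # low word, as Event Viewer displays it
                       "computer": computer, "strings": "|".join(strings)}
        pos = data.find(b"LfLe", pos + 4)

def build_record(num, ts, event_id, etype, source, computer, strings):
    body = (source + "\x00").encode("utf-16-le") + (computer + "\x00").encode("utf-16-le")
    body += b"\x00" * (-len(body) % 4)  # DWORD-align the strings area
    str_off = REC.size + len(body)
    body += b"".join((s + "\x00").encode("utf-16-le") for s in strings)
    length = REC.size + len(body) + 4
    head = REC.pack(length, MAGIC, num, ts, ts, event_id, etype, len(strings), 0, 0, 0, str_off, 0, 0, 0, length - 4)
    return head + body + struct.pack("<I", length)
# Constructed sample (not a real log): 48-byte file header, a service-start event, then a failed-logon audit.
SAMPLE_EVT = struct.pack("<12I", 0x30, MAGIC, 1, 1, 0x30, 0, 3, 1, 0x80000, 0, 0, 0x30) + \
    build_record(1, 1262304000, 6005, 4, "EventLog", "WS01", []) + \
    build_record(2, 1262304060, 529, 16, "Security", "WS01", ["jdoe", "WS01", "2"])
```

Feeding the yielded rows to csv.DictWriter gives evtparse-style text output; because each record is validated by its trailing length, a truncated or wrapped log still gives up the records that survived intact.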