Saturday, December 22, 2012

Backtrack Forensics: evtparse.pl

The tool can be reached from:

Forensics -> Forensic Analysis Tools

evtparse.pl is a Windows event log file (*.evt) parser; it generates text CSV output from the event files. Its usage is very simple:

-e - specify a single file to parse
-d - specify a directory to parse

Example:

./evtparse.pl -e /root/Desktop/events/SysEvent.Evt
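To show what such a parser actually does with the *.evt format, here is an added Python example (it is not code from the original post or from evtparse.pl). It carves EVENTLOGRECORD entries by their "LfLe" signature, validates each record by its trailing length copy, and emits the same kind of CSV rows; the two-record log it runs over is constructed inline, and every name and value in it is made up. It assumes Python 3.8 or later.

```python
import csv
import io
import struct
from datetime import datetime, timezone
# EVENTLOGRECORD fixed part (56 bytes, little-endian); then UTF-16LE source/computer names, optional SID, strings, data, trailing length copy
REC = struct.Struct("<IIIIIIHHHHIIIIII")
MAGIC = b"LfLe"
TYPES = {1: "Error", 2: "Warning", 4: "Info", 8: "Audit Success", 16: "Audit Failure"}

def read_utf16z(buf, off):
    # NUL-terminated UTF-16LE string at off -> (text, offset just past the terminator)
    end = off
    while buf[end:end + 2] not in (b"\x00\x00", b""):
        end += 2
    return buf[off:end].decode("utf-16-le", "replace"), end + 2
def parse_evt(data):
    # carve records by signature rather than trusting the file header, so partially damaged or unclosed logs still yield rows
    rows, pos = [], 4  # nothing before offset 4 can be a record signature
    while (pos := data.find(MAGIC, pos)) != -1 and pos - 4 + REC.size <= len(data):
        start, pos = pos - 4, pos + 4
        length, _, recnum, t_gen, _, eid, etype, nstr, _, _, _, str_off, _, _, _, data_off = REC.unpack_from(data, start)
        # accept a record only if its trailing length matches the leading one; the minimum size also rejects the 48-byte file header
        if length < REC.size + 4 or start + length > len(data) \
                or struct.unpack_from("<I", data, start + length - 4)[0] != length:
            continue
        rec = data[start:start + length]
        source, off = read_utf16z(rec, REC.size)
        computer, _ = read_utf16z(rec, off)
        strings = rec[str_off:data_off].decode("utf-16-le", "replace").split("\0")[:nstr]
        rows.append([recnum, datetime.fromtimestamp(t_gen, timezone.utc).isoformat(), source,
                     computer, eid & 0xFFFF, TYPES.get(etype, str(etype)), "|".join(strings)])
    return rows
def to_csv(rows):
    out = io.StringIO()
    csv.writer(out).writerows([["record", "time_utc", "source", "computer", "event_id", "type", "strings"]] + rows)
    return out.getvalue()

def build_record(recnum, t, eid, etype, source, computer, strings):
    # constructed test record (not taken from a real log) in the layout parse_evt expects
    names = (source + "\0" + computer + "\0").encode("utf-16-le")
    body = "".join(s + "\0" for s in strings).encode("utf-16-le")
    str_off = REC.size + len(names)
    length = str_off + len(body) + 4
    hdr = REC.pack(length, 0x654C664C, recnum, t, t, eid, etype, len(strings), 0, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return hdr + names + body + struct.pack("<I", length)

SAMPLE = b"\x30\x00\x00\x00LfLe" + b"\x00" * 36 + b"\x30\x00\x00\x00"  # constructed 48-byte file header stub
SAMPLE += build_record(1, 1356134400, 0x80000000 | 6005, 4, "EventLog", "WS01", ["started"])
SAMPLE += build_record(2, 1356134460, 7036, 4, "Service Control Manager", "WS01", ["Netlogon", "running"])
```

Only the low 16 bits of the event ID are printed, which is the number Event Viewer shows; the high bits carry severity and facility flags.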

Webpage: http://code.google.com/p/revealertoolkit/source/browse/trunk/tools/?r=90
