Windows XP Event Logs

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
jhooker
Member
 

Windows XP Event Logs

Posted: Feb 13, 08 18:55

Is it possible to analyse Windows XP event logs using Linux-based / FOSS tools?

thanks!  
 
  

keydet89
Senior Member
 

Re: Windows XP Event Logs

Posted: Feb 13, 08 19:25

Yes. I have written Perl code for analyzing .evt files that is based on parsing the files at a binary level, without using the MS API at all.
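The binary-level approach described in this reply can be shown in a short script. The following is an added example, not keydet89's Perl code and not any of the tools named in this thread: it decodes the fixed 56-byte EVENTLOGRECORD header of the XP-era .evt format and finds records by their "LfLe" signature instead of trusting the file header's offsets, so a log with a stale header or a carved fragment still yields records. The sample bytes are constructed inside the script (the source names, host name, event IDs and timestamps are made up); the field layout follows the documented EVENTLOGRECORD structure, and the SID and binary-data sections of a record are skipped.

```python
import struct
from datetime import datetime, timezone

EVT_MAGIC = b"LfLe"               # the "Reserved" DWORD 0x654C664C that opens every EVENTLOGRECORD
HEADER_FMT = "<IIIIIIHHHHIIIIII"  # fixed 56-byte part of EVENTLOGRECORD, little-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Success Audit", 16: "Failure Audit"}

def read_utf16z(buf, off):
    """Return (text, offset past the terminator) for a NUL-terminated UTF-16LE string at off."""
    end = off
    while buf[end:end + 2] not in (b"\x00\x00", b""):
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2

def parse_record(buf, start):
    """Decode one EVENTLOGRECORD whose Length field begins at offset start."""
    (_length, _magic, recnum, t_gen, _t_written, event_id, ev_type, nstrings, _category, _flags,
     _closing, str_off, _sid_len, _sid_off, _data_len, data_off) = struct.unpack_from(HEADER_FMT, buf, start)
    source, off = read_utf16z(buf, start + HEADER_LEN)  # SourceName follows the fixed header,
    computer, _ = read_utf16z(buf, off)                 # then Computername
    # Insertion strings: NUL-terminated UTF-16LE, packed back to back from StringOffset to DataOffset
    strings = buf[start + str_off:start + data_off].decode("utf-16-le").split("\x00")[:nstrings]
    return {"record": recnum, "time_generated": datetime.fromtimestamp(t_gen, timezone.utc),
            "event_id": event_id & 0xFFFF,              # Event Viewer shows only the low 16 bits
            "type": EVENT_TYPES.get(ev_type, str(ev_type)),
            "source": source, "computer": computer, "strings": strings}

def carve_records(buf):
    """Walk by record signature, not the file header's offsets: stale headers and fragments still yield records."""
    records, pos = [], 4                                # a signature before offset 4 cannot start a record
    while (p := buf.find(EVT_MAGIC, pos)) != -1:
        start, pos = p - 4, p + 4
        length = struct.unpack_from("<I", buf, start)[0]
        # A real record is >= 56 bytes and repeats Length as its last DWORD; the 48-byte file header
        # also carries "LfLe" but fails the size test and is skipped.
        if length < HEADER_LEN or start + length > len(buf) \
                or struct.unpack_from("<I", buf, start + length - 4)[0] != length:
            continue
        records.append(parse_record(buf, start))
        pos = start + length
    return records

def build_record(recnum, event_id, ev_type, source, computer, strings, when):
    """Constructed sample data (not a real log): minimal record, no SID, no binary data section."""
    names = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in (source, computer))
    body = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    str_off = HEADER_LEN + len(names)
    length = str_off + len(body) + 4
    hdr = struct.pack(HEADER_FMT, length, 0x654C664C, recnum, when, when, event_id, ev_type,
                      len(strings), 0, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return hdr + names + body + struct.pack("<I", length)

# Constructed sample: 16 junk bytes standing in for a damaged file header, then two records.
SAMPLE = b"\x00" * 16 + build_record(1, 0x40001B7C, 4, "Service Control Manager", "XP-BOX", ["EventLog"], 1202928900) \
    + build_record(2, 529, 16, "Security", "XP-BOX", ["guest", "XP-BOX", "2"], 1202928960)
```

To try it on a real log, pass `open(path, "rb").read()` to `carve_records()`; Python 3.8 or later is assumed for the `:=` operator.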
 
  

keydet89
Senior Member
 

Re: Windows XP Event Logs

Posted: Feb 13, 08 19:25

Also, check out PyFlag.  
 
  

farmerdude
Senior Member
 

Re: Windows XP Event Logs

Posted: Feb 15, 08 19:06

jhooker,

Absolutely. Both Delve and grokevt may be used to read EVT files.

regards,

farmerdude  
 
