Windows XP Event Logs  

jhooker
(@jhooker)
New Member

Is it possible to analyse Windows XP event logs using Linux-based / FOSS tools?

Thanks!

Posted : 13/02/2008 6:55 pm
keydet89
(@keydet89)
Community Legend

Yes. I have written Perl code for analyzing .evt files that is based on parsing the files on a binary level, without using the MS API at all.

Posted : 13/02/2008 7:25 pm
keydet89
(@keydet89)
Community Legend

Also, check out PyFlag.

Posted : 13/02/2008 7:25 pm
farmerdude
(@farmerdude)
Active Member

jhooker,

Absolutely. Both Delve and grokevt may be used to read EVT files.

regards,

farmerdude

Posted : 15/02/2008 7:06 pm
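
The binary-level approach mentioned in the replies above, sketched in Python as an added example (it is not keydet89's Perl code, nor code from PyFlag, Delve or grokevt): it scans for the `LfLe` record signature and decodes the 56-byte fixed part of the EVENTLOGRECORD structure that Microsoft documents, so it runs on Linux without any Windows API. `make_sample()` and its values (host `WKSTN01`, user `jdoe`) are constructed test input.

```python
import struct
from datetime import datetime, timezone

MAGIC = b"LfLe"                   # record signature (DWORD 0x654c664c)
FIXED = struct.Struct("<6I4H6I")  # 56-byte fixed part of EVENTLOGRECORD

def _utf16z(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next_pos)."""
    end = pos
    while end + 1 < len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_records(data):
    """Yield one dict per structurally valid record found by signature scan."""
    hit = data.find(MAGIC, 4)
    while hit != -1:
        start, nxt = hit - 4, hit + 1
        if start + FIXED.size <= len(data):
            (length, _, recno, t_gen, _, event_id, _, nstr, _, _,
             _, str_off, _, _, _, _) = FIXED.unpack_from(data, start)
            rec = data[start:start + length]
            # Rejects the 0x30-byte file header, truncated records and chance
            # hits: a real record repeats its length in its final DWORD.
            if (length >= FIXED.size + 4 and len(rec) == length
                    and FIXED.size <= str_off <= length
                    and struct.unpack_from("<I", rec, length - 4)[0] == length):
                source, pos = _utf16z(rec, FIXED.size)
                computer, _ = _utf16z(rec, pos)
                strings, pos = [], str_off
                for _ in range(nstr):
                    text, pos = _utf16z(rec, pos)
                    strings.append(text)
                yield {"record": recno, "event_id": event_id & 0xFFFF,
                       "generated": datetime.fromtimestamp(t_gen, timezone.utc),
                       "source": source, "computer": computer, "strings": strings}
                nxt = start + length
        hit = data.find(MAGIC, nxt)

def make_sample():
    """Constructed input: 48-byte file header followed by one record."""
    body = "Security\0WKSTN01\0".encode("utf-16-le")
    str_off = FIXED.size + len(body)
    body += "jdoe\0WKSTN01\0".encode("utf-16-le")
    length = (FIXED.size + len(body) + 7) & ~3   # + trailing DWORD, padded
    fixed = FIXED.pack(length, 0x654C664C, 1, 1202929500, 1202929500, 528,
                       8, 2, 2, 0, 0, str_off, 0, str_off, 0, length - 4)
    rec = (fixed + body).ljust(length - 4, b"\0") + struct.pack("<I", length)
    header = struct.pack("<2I", 0x30, 0x654C664C).ljust(44, b"\0")
    return header + struct.pack("<I", 0x30) + rec
```

Because it keys on the signature and the repeated length rather than on file offsets, the same function can be pointed at a whole `.evt` file or at a raw chunk carved from a disk image.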