Looking for a good tool to parse and search Windows EVT logs

jakeaw03 · 2009-09-01T17:08:09Z

Hello,I am looking for a good quality tool to use for parsing Windows Event logs. I have used eventlogxp, but I am wondering if there is anything better? I have also used logparser, but I am looking for something along the lines of a Splunk etc. From what I have been told Splunk can't effectivly or correctly parse EVT files from an external system (not local). I am looking for the ability to search in the EVT logs, not just parsing them. Just looking for user experince. Thanks

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by ZambranaJ 16 years ago

12 Posts

8 Users

0 Reactions

1,968 Views

RSS

mobileforensicswales

(@mobileforensicswales)

Reputable Member

Joined: 17 years ago

Posts: 274

10/09/2009 4:58 pm

Have a look at highlighter from Mandiant, that is very good, particularly when looking for time line paterns of activity )

ReplyQuote

ZambranaJ

(@zambranaj)

New Member

Joined: 16 years ago

Posts: 2

10/09/2009 5:35 pm

I have used EventRover from doriansoft in the past, this tool allows you to attach to a network PC or extracted log, and it also allows you to apply custom filters by POI or events.

Regards
😯

ReplyQuote

Page 2 / 2 Prev

Article: The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency

Can digital forensic labs cut backlogs without cutting ...

By Zoe , 9 hours ago
Prefetch Question

Hello All, I have a question regarding Windows prefet...

By Forensic_Tester , 16 hours ago
Webinar: Collaborative Forensics: Overcoming Challenges In Multi-Jurisdictional Investigations

Discover expert strategies for cross-border investigati...

By Zoe , 1 week ago

8 Forums
15.7 K Topics
92.3 K Posts
156 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed