@qjerome qjerome released this Nov 28, 2017


Description

This release is the fixed version 1.1 of the following tools:

  • evtxdump: utility to dump the events of EVTX files
  • evtxmon: utility to monitor an EVTX file and dump events as soon as they appear in it

Changes

  • Fixed a uint16 overflow in chunk parsing; evtxdump is now able to parse files with 65535 chunks (the maximum the 16-bit chunk count in the file header can express).
  • Fixed a uint16 overflow in MonitorEvents.
  • MonitorEvents can now also return the events already present in the file; enable this with the SetMonitorExisting method of the EvtxFile object.
  • evtxmon can retrieve already existing events with the -e switch.
  • evtxmon compresses its output when it is written to a file.
  • evtxdump can display statistics with the -s switch.
  • The Channel attribute of an event is now accessible through the Channel() method of GoEvtxMap.
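The first two changes fix the same class of defect: a 16-bit variable driving a loop over a 16-bit count. The Go program below is an added example, not the project's code, and the release note does not show the original defect; it assumes one common shape of such a bug, a 1-based uint16 loop index with an inclusive bound, which is correct for every chunk count except 65535, and shows it beside a loop that cannot wrap and also bounds-checks chunk offsets against the file size. It relies on the documented EVTX layout (4096-byte file header, 65536-byte chunks, chunk count stored as a little-endian uint16 at offset 0x2A) and constructs only a header in memory, never a full file; the function names are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// EVTX layout facts used below: the file header is 4096 bytes, each chunk is
// 65536 bytes, and the header stores the number of chunks as a little-endian
// uint16 at offset 0x2A. Chunk offsets are computed, never read, so a file
// with 65535 chunks (about 4 GiB) costs nothing to "walk" here.
const (
	fileHeaderSize = 4096
	chunkSize      = 65536
	nbChunksOffset = 0x2A
)

// buildHeader constructs a minimal EVTX-style file header carrying only the
// signature and the chunk count (a constructed sample, not a real log file).
func buildHeader(nbChunks uint16) []byte {
	hdr := make([]byte, fileHeaderSize)
	copy(hdr, "ElfFile\x00")
	binary.LittleEndian.PutUint16(hdr[nbChunksOffset:], nbChunks)
	return hdr
}

// readChunkCount parses the chunk count back out of a file header.
func readChunkCount(hdr []byte) (uint16, error) {
	if len(hdr) < fileHeaderSize || string(hdr[:8]) != "ElfFile\x00" {
		return 0, errors.New("not an EVTX file header")
	}
	return binary.LittleEndian.Uint16(hdr[nbChunksOffset:]), nil
}

// chunkOffsetsWrapping walks the chunks with a 1-based uint16 index and an
// inclusive bound (assumed bug shape). It is correct for every count below
// 65535; at 65535 the increment after the last chunk wraps i to 0, the
// condition 0 <= 65535 holds again, the next offset is computed from i-1 and
// the loop never ends. In a parser that is a hang (denial of service) on a
// large or crafted file. An iteration cap turns the hang into an error here
// so the behaviour can be observed rather than waited for.
func chunkOffsetsWrapping(count uint16) ([]int64, error) {
	var offsets []int64
	iterations := 0
	for i := uint16(1); i <= count; i++ {
		offsets = append(offsets, fileHeaderSize+(int64(i)-1)*chunkSize)
		iterations++
		if iterations > int(count)+1 {
			return nil, fmt.Errorf("uint16 index wrapped after %d chunks; loop would never terminate", int(count))
		}
	}
	return offsets, nil
}

// chunkOffsets does the same walk with an int index that cannot wrap at the
// 16-bit boundary, and bounds-checks each offset against the real file size
// so a header claiming more chunks than the file holds is rejected instead
// of being read past the end.
func chunkOffsets(count uint16, fileSize int64) ([]int64, error) {
	offsets := make([]int64, 0, int(count))
	for i := 0; i < int(count); i++ {
		off := int64(fileHeaderSize) + int64(i)*chunkSize
		if off+chunkSize > fileSize {
			return nil, fmt.Errorf("chunk %d at offset %d exceeds file size %d", i, off, fileSize)
		}
		offsets = append(offsets, off)
	}
	return offsets, nil
}

func main() {
	hdr := buildHeader(65535)
	count, err := readChunkCount(hdr)
	if err != nil {
		fmt.Println("header:", err)
		return
	}
	if _, err := chunkOffsetsWrapping(count); err != nil {
		fmt.Println("wrapping loop:", err)
	}
	offs, err := chunkOffsets(count, fileHeaderSize+int64(count)*chunkSize)
	fmt.Println("fixed loop:", len(offs), "chunks, err =", err)
}
```

The fixed loop also shows the second check a parser wants next to the width fix: a 16-bit count is attacker-controlled input, so every offset derived from it is validated against the file size before any read.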