Skip to content

kkoha/EvtxCarv

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

EvtxCarv

EvtxCarv

 
 

bin

bin

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

AUTHORS

AUTHORS

 
 

COPYING

COPYING

 
 

EvtxCarv.sln

EvtxCarv.sln

 
 

EvtxCarv.suo

EvtxCarv.suo

 
 

README.md

README.md

 
 

Repository files navigation

EvtxCarv

by Chanung Pak, Jaeman Park, HyeonGyu Jang

EvtxCarv is a tool for fragmented Evtx files forensics.

Supported platforms

  • Windows (VS 2010) C++

Usage

Execute EvtxCarv to analyze an image file

EvtxCarv.exe (-r|-c) 'target image path' 'output path'
Options
    --record   (-r)    : Recover by record
    --complete (-c)    : Recover by chunk

Examples of usage

EvtxCarv.exe -c c:\\image.raw c:\\output\\
EvtxCarv.exe -r image.raw output

License

DFRC@KU

Feedback

Please submit feedback via the EvtxCarv tracker

Author: Chanung Pak (kkoha@msn.com)

About

recovers and reconstructs fragmented Evtx files from disk images, memory dumps, pagefiles and unallocated space

Resources

Readme

License

View license
Activity

Stars

11 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages