Simplified evtx parser...entirely based on @EricRZimmerman's excellent work
This branch is 2 commits ahead, 9 commits behind EricZimmerman:master.
EvtxECmd
evtx.Test
evtx
.gitattributes
.gitignore
README.md
README.pdf
evtx.sln
evtx.v3.ncrunchsolution

README.md

Introduction

simple-evtx is a fork of @EricRZimmerman's excellent Event log parser and command line tool.

Whilst I use the original version with the maps functionality, I also need a really simple version, one that only provides the payload and minimal other data, for when I have lots (20+ hosts) of Event logs to parse, aggregate, and then search, resulting in a CSV file of over 20 GB. The output from simple-evtx allows me to use LogViewer to get rid of noise, reducing the data set; then, as I have the JSON payload, I can use sift or grep to pull out precise items from the JSON payload.

Apart from removing columns and maps, the only other change is to allow the selection of a from/to timestamp range using the --from and --to parameters.
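The two paragraphs above describe the workflow (parse to CSV, trim by time window, then query the JSON payload) without showing it. The following is an added example, not simple-evtx's or EvtxECmd's own code. It assumes an aggregated CSV with columns TimeCreated, EventId, Channel, Computer and Payload, ISO 8601 UTC timestamps, and a Payload column holding the event's EventData as a JSON object; none of those column names or the sample rows come from the page. It applies a --from/--to style window and then matches on parsed JSON fields rather than a raw substring grep, which avoids hits on a value that merely happens to appear in some other field.

```python
"""Added example (not simple-evtx's own code): replay the README workflow on
constructed CSV rows. Keep only records inside a --from/--to window, then
query the JSON payload by field instead of grepping it as text.

Assumed layout (not stated on the page): columns TimeCreated, EventId,
Channel, Computer, Payload; TimeCreated in ISO 8601 UTC; Payload is the
event's EventData serialised as a JSON object.
"""
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample of what an aggregated simple-evtx CSV might look like.
SAMPLE_CSV = """TimeCreated,EventId,Channel,Computer,Payload
2023-05-01T09:58:12.000Z,4624,Security,WS01,"{""EventData"":{""TargetUserName"":""alice"",""LogonType"":""2""}}"
2023-05-01T10:02:44.000Z,4624,Security,WS02,"{""EventData"":{""TargetUserName"":""svc_backup"",""LogonType"":""3""}}"
2023-05-01T10:05:01.000Z,4625,Security,WS02,"{""EventData"":{""TargetUserName"":""svc_backup"",""Status"":""0xc000006d""}}"
2023-05-01T11:30:00.000Z,4624,Security,WS03,"{""EventData"":{""TargetUserName"":""bob"",""LogonType"":""10""}}"
"""


def parse_ts(value: str) -> datetime:
    """Parse an ISO 8601 timestamp; a trailing Z or a missing offset is treated as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assume UTC when no offset is given
    return ts


def load_rows(csv_text: str) -> list:
    """Read the CSV into a list of dicts keyed by header name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def select_window(rows: list, frm: str = None, to: str = None) -> list:
    """Keep rows whose TimeCreated lies within [frm, to]; None means unbounded."""
    lo = parse_ts(frm) if frm else None
    hi = parse_ts(to) if to else None
    kept = []
    for row in rows:
        ts = parse_ts(row["TimeCreated"])
        if lo is not None and ts < lo:
            continue
        if hi is not None and ts > hi:
            continue
        kept.append(row)
    return kept


def query_payload(rows: list, event_id: int, **fields: str) -> list:
    """Match on EventId plus exact EventData field values parsed from the JSON
    payload. Unlike a plain grep, a value such as "svc_backup" is only matched
    in the field asked for, not wherever the string happens to occur."""
    hits = []
    for row in rows:
        if row["EventId"] != str(event_id):
            continue
        data = json.loads(row["Payload"]).get("EventData", {})
        if all(data.get(key) == value for key, value in fields.items()):
            hits.append(row)
    return hits


def main() -> None:
    rows = load_rows(SAMPLE_CSV)
    # Equivalent of --from/--to: ten minutes around the activity of interest.
    window = select_window(rows, frm="2023-05-01T10:00:00Z", to="2023-05-01T10:10:00Z")
    # Successful network logons (4624, LogonType 3) for one account in that window.
    for row in query_payload(window, 4624, TargetUserName="svc_backup", LogonType="3"):
        print(row["TimeCreated"], row["Computer"], row["Payload"])


if __name__ == "__main__":
    main()
```

Running the script prints the single 10:02:44 logon on WS02. The window filter runs before the JSON parse, so on a 20 GB file the expensive json.loads is only paid for rows that survive the timestamp cut.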

Note: this tool is designed to implement a different workflow to EvtxECmd, not to replace it ;-)
