Fix acquired .evt - Windows Event Log files (Forensics)
- Python 2 (not tested on 3)
- no external dependencies
Fix in-place 2 files (Make sure you got a copy!):
evtkit.py AppEvent.Evt SysEvent.Evt
Find all *.evt files in evt_dir/, copy them to fixed_copy/ and repair them:
evtkit.py --copy_to_dir=fixed_copy evt_dir
-h, --help show this help message and exit
-c COPY_TO_DIR, --copy_to_dir COPY_TO_DIR
Output directory for fixed .evt files.
-q, --quiet Turn off verbosity