Sunday, November 4, 2012

evtx support pretty much added

Evtx format was a real PITA. Took me way longer than I expected to write the code to parse the offline logs. Not being shown in the UI yet, but I checked in support for reading offline evtx files today. Will only print out the parsed data to the console atm.

https://github.com/brandonprry/volatile_reader
