GrokEVT is a collection of scripts built for reading Windows NT event log files. GrokEVT is released under the GNU GPL, and is implemented in Python. GrokEVT is loosely based on the PHP script and documentation provided by Jamie French.
Currently the scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
Product's homepage
Requirements:
· RegLookup
· Python
What's New in This Release: [ read full changelog ]
· This is a major code refresh release to catch up with the times. grokevt-builddb has been redesigned to use RegLookup's pyregfi library instead of executing the command line tools. A work-around has been added for the fact that many Linux distributions no longer make case-insensitive filesystem mounts easy. Support jas been added for Python 3. The license has been changed to the GPLv3. There are various Unicode fixes and other bugfixes.
Find us on Google+
