-
When importing .evtx files from Windows Event Viewer, the Timestamp field stays empty.
The timestamp information is crucial in some log audits.
-
Hi,
When I would like to get a file as Security.evtx (Windows logs events .evtx) with the following code:
file = open('Security.evtx', 'wb')
conn.retrieveFileFromOffset('Logs', 'Security.evtx', file)…
-
I appreciate that chainsaw was written to support evtx files, but is there any way to also support Mac logs too? Or has anyone ever run across a tool like chainsaw for Mac?
-
I'm currently trying to figure out how to detect this kind of behavior. However, the tweet is sadly not available anymore!
Does anyone have a copy or hints for detecting this kind of behavior?
-
Move over to https://github.com/omerbenamram/pyevtx-rs
-
Add more info to the report:
* The Watson bucket IDs are logged in the event log. If possible, you should ask the customer to share the %SystemRoot%\System32\Winevt\Logs\Application.evtx file. The event…
-
### Add Support for EVTX Files
**Feature Request:** Implement EVTX file support in `toolong` for importing and reading Windows Event Viewer logs.
**Why This Matters:**
- **Relevance:** EVTX i…
-
You have done the community a _huge_ service... This is a great utility.
I have, however, found what may be an interesting edge case. In rolling out a Windows Event Collection/Forwarding (WEC/WEF)…
-
Hi,
I'm seeing exception Evtx.BinaryParser.OverrunBufferException raised unexpectedly when parsing event logs "Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx", "Microsoft…
-
Hi Willi,
You will find below the traceback I met with the last release.
Scenario: Windows 2008
traceback evtxtract:
```
evtxtract raw_image.001 > evtxcarving.xml
INFO:evtxtract.carve…
```