-
Would be nice to have the .evtx logs as CSV to put them in Excel to be able to use filtering like we can with the MSDT outputs.
-
```
Traceback (most recent call last):
File "/usr/local/bin/evtx_dump.py", line 4, in
__import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
File "/usr/lib/python2.7…
-
Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information:
```Traceback (most recent call last):
File "/usr/local/bin/evtx_dump.py…
-
```
git clone --recursive --recurse-submodule https://github.com/nasbench/EVTX-ETW-Resources.git
```
Results…
-
Hi!
Based on evtxmon I tried to come up with a minimal monitoring tool myself:
```
package main
import (
"log"
"github.com/0xrawsec/golang-evtx/evtx"
)
func main() {
ef, err := e…
-
Thanks for the hard work in this project. It's really helpful.
I just have one problem to report, when I try and parse the Windows EVTX file 'CAPI2' I get the error below. Is there a workaround p…
-
When discussing the role of the Brimcap plugin as part of #2785, I thought about how the plugin system was first introduced in #1573 to handle pcaps but hasn't yet been used for other data sources. Gi…
-
`$ ./target/release/hayabusa csv-timeline -f ../hayabusa-sample-evtx/YamatoSecurity/Sysmon/Sysmon-27-BlockExeWrite_AbusingCertutil.evtx`
It might be handy if something like usage (other options, etc.) could be displayed from this state.
Currently,
…
-
Hi team,
Is it possible to ingest a windows .evtx file which is not part of any eventchannel?
Example use cases:
1) In a Forensic Investigation where installing a wazuh agent isn’t possible bu…
-
The following errors occur for the program when I run it. Previously it was running perfectly fine but now it doesn't get corrected.
Does anyone have any ideas on how to correct these?
```
Trace…
ghost updated
4 years ago