Skip to content

the-siegfried/py-evtx-ripper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
tests/data
tests/data
 
 
xml_utils
xml_utils
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.ini
config.ini
 
 
evtx-ripper.py
evtx-ripper.py
 
 

Repository files navigation

py-evtx-ripper

A command line wrapper for the python-evtx library. Includes support for the following features:

  • Collection of one or many evtx files from a given path.
  • 'Concurrent' processing of multiple files.
  • Export to CSV
  • Export to SQLite database.
  • Separation of SQLite databases by filename or the writing of all events to a single database.

Why?

I needed a fairly low-tech solution to enable analysts to quickly parse and extract evtx event logs in environments without EventViewer, with the ability only pull out events of interest.

How to use it:

-f --force  # for forcing command line events over the discovered config file.
-c --cores  # for selecting the number of cores/concurrent files to process.
-C --csv    # for selecting the csv parser.
-d --db     # for selecting the db parser.

-s --sep    # for seperating the db parser output.

-i --input  # input path or directory.
-o --output # output path.

-e --interested_events # for accepting windows event ids to filter by.

Example:

python evtx-ripper.py -d -i "C:\Users\the-siegfried\Events" -o "C:\Users\the-siegfried\output"

About

A command line wrapper for the python-evtx library.

Topics

forensics cybersecurity event-log evtx

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v.0.1.0-alpha Latest
Aug 16, 2022

Packages

No packages published

Languages