python-evtx
Pure Python parser for Windows Event Log files (.evtx)
From a file extracted from memory:
```
Traceback (most recent call last):
  File "/usr/local/bin/evtx_dump.py", line 4, in
    __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501,...
```

```
Traceback (most recent call last):
  File "/usr/local/bin/evtx_dump.py", line 4, in
    __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script
    exec(script_code, namespace, namespace)
  File...
```

Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information. It parses a couple of XML records before backtracing.
```
Traceback...
```

Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information:
```
Traceback (most recent call last):
  File "/usr/local/bin/evtx_dump.py", line 4, in...
```

Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information:
```
Traceback (most recent call last):
  File "/usr/local/bin/evtx_dump.py", line 4,...
```
Hi Willy, I have this issue with `evtx_dump.py` on the `Microsoft-Windows-Ntfs%4Operational.evtx` file (from Windows 10):
```
Traceback (most recent call last):
  File "/usr/bin/evtx_dump.py", line 42, in
    main()
  File "/usr/bin/evtx_dump.py", line 37,...
```

via @john-corcoran:
> Apologies for the delayed response - I've checked the original files I sent you and think they're all fine to publish. Just need to add private tests...
Thanks for the hard work in this project. It's really helpful. I just have one problem to report, when I try and parse the Windows EVTX file 'CAPI2' I get...
Hello, during HTB CTF 2023 I noticed that neither evtx_dump.py nor evtx_dump_json has the complete data. There is an event in the attached sysmon log about executing "rclone", but it is...

New commits address missing data within Event XML so that all necessary information is pulled from log data. Prior commits only pulled EventRecordID from within the System section. New upgrades pull...