12 tools and resources
A PowerShell module for threat hunting via Windows Event Logs.
Recover event log entries from an image by heuristically looking for record structures.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
Windows event log fast forensics timeline generator and threat hunting tool.
Event Log Explorer is a software solution for viewing, analyzing, and monitoring events recorded in Microsoft Windows event logs, offering advanced features and efficient filtering capabilities.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
libevt is a library to access and parse Windows Event Log (EVT) files.