
evtkit

Free

evtkit is a tool for repairing acquired .evt Windows Event Log files in digital forensics work. It requires Python 2 (not tested on Python 3) and has no external dependencies. Users can repair .evt files in place by running evtkit.py on files such as AppEvent.Evt and SysEvent.Evt. Alternatively, it can find all *.evt files in a source directory (for example evt_dir/), copy them to an output directory (for example fixed_copy/), and repair the copies, leaving the originals untouched. The tool also offers options such as -h or --help to display the help message, -c or --copy_to_dir to specify the output directory for the repaired .evt files, and -q or --quiet to turn off verbose output.


ALTERNATIVES

A portable volatile memory acquisition tool for Linux.

iOS Mobile Backup Xtractor tool for extracting iOS backups.

Windows event log fast forensics timeline generator and threat hunting tool.

Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.

A script to assist in creating templates for VirtualBox to enhance VM detection evasion.

ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.

Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.