evtkit is a tool used for fixing acquired .evt Windows Event Log files in the field of digital forensics. It requires Python 2 (not tested on 3) with no external dependencies. Users can fix .evt files in-place by running evtkit.py on files like AppEvent.Evt and SysEvent.Evt. Additionally, it can find all *.evt files in evt_dir/, copy them to fixed_copy/, and repair them. The tool also offers options such as -h or --help to display the help message, -c or --copy_to_dir to specify the output directory for fixed .evt files, and -q or --quiet to turn off verbosity.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.