libevtx Logo

libevtx

0
Free
Visit Website

libevtx is a library to access the Windows XML Event Log (EVTX) format. It provides a way to access and parse EVTXML files, allowing for the extraction of useful information from Windows event logs. The library is written in C and provides a Python binding, making it a useful tool for digital forensics and incident response. It is licensed under the LGPLv3+ and is currently in the alpha stage, with multi-threading support planned for future development. For more information, users can access the project documentation and building instructions on the GitHub wiki.

FEATURES

ALTERNATIVES

GVfs is a userspace virtual filesystem implementation for GIO with various backends and features.

A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.

Orochi is a collaborative forensic memory dump analysis framework.

A shell script for basic forensic collection of various artefacts from UNIX systems.

A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.

Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.

A modified version of GNU dd with added features like hashing and fast disk wiping.

A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.