evtx-python

Quick evtx files parsing using: https://github.com/omerbenamram/evtx

Setup environment:

python -m venv venv_evtx-python
source venv_evtx-python/bin/activate
pip install evtx

Usage

python .\evtx-parser.py -h
usage: evtx-parser.py [-h] --eventids EVENTIDS [EVENTIDS ...] --file FILE [--show-all] [--search SEARCH]

Parse evtx files by EventID

options:
  -h, --help            show this help message and exit
  --eventids EVENTIDS [EVENTIDS ...], -ids EVENTIDS [EVENTIDS ...]
                        EventID to parse, can be a list of IDs separated by a space. Example: --eventids 1149
  --file FILE, -f FILE  Path for evtx file
  --show-all            Show all event data
  --search SEARCH       search for a specific string in the EventData

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

evtx-python

Setup environment:

Usage

Files

README.md

Latest commit

History

README.md

File metadata and controls

evtx-python

Setup environment:

Usage