Cross-platform, open-source shellbag parser
updated at April 4, 2024, 3:27 p.m.
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
updated at April 14, 2024, 1:56 p.m.
Pure Python parser for classic Windows Event Log files (.evt)
updated at May 9, 2024, 2:01 a.m.