
Carving EVTX


Quentin Jerome from RawSec shared an article on carving Windows Event Logs in EVTX format. He gives a short overview of the EVTX file format, presents a carving pseudo-algorithm, and describes a bunch of experiments.
