Quentin Jerome from RawSec shared an article on carving Windows Event Logs in EVTX format. He gives a short overview of the EVTX file format, presents a carving pseudo-algorithm, and walks through a bunch of experiments.
