Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space and Volume Shadow Copies, carve them from unallocated space with Bulk Extractor, and parse all of these EVTX files with Eric Zimmerman’s EvtxECmd.
