Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space and Volume Shadow Copies, carve them from unallocated space with Bulk Extractor, and parse all of these EVTX files with Eric Zimmerman's EvtxECmd.
