Comments on Windows Incident Response: EventLog Parsing
Updated: 2024-03-19T07:46:20.437-05:00

H. Carvey (2009-08-17T18:54:04.468-05:00):
There's a copy on the DVD with WFA 2/e...

Endurance trails (2009-08-17T18:13:55.721-05:00):
Are you perhaps closer to releasing the code for evtrpt.pl?

Augusto Barros (2009-03-30T11:03:00.000-05:00):
Not sure if you are aware of the DUMPEL tool from Windows Resource Kit. It can parse EVT files and dump them to text, including CSV. You can select the number of days that will be dumped from the log file, the event ids and other filtering options.

Parsing EVT files with dumpel:

dumpel -b -l filename.evt