grokevt-findlogs
scripts for reading Microsoft Windows event log files
Install
- All systems
-
curl cmd.cat/grokevt-findlogs.sh
- Debian
-
apt-get install grokevt - Ubuntu
-
apt-get install grokevt - Kali Linux
-
apt-get install grokevt - Windows (WSL2)
-
sudo apt-get updatesudo apt-get install grokevt - Raspbian
-
apt-get install grokevt - Dockerfile
- dockerfile.run/grokevt-findlogs
grokevt
scripts for reading Microsoft Windows event log files
GrokEVT is a collection of scripts built for reading Microsoft Windows NT/2000/XP/2003 event log files. Currently the scripts work together on one or more mounted Microsoft Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format. This program is useful in forensics investigations.