evtxtools

This package aims to be a collection of tools for forensic analysis of evtx (Windows Event Log) files.

evtxscan

Finds time skews in an evtx file. A time skew is a record whose timestamp lies before that of the preceding record (in record order) by more than the configured negative tolerance; such backwards jumps are worth a closer look because they can indicate a system clock change or manipulation of the log.

Example

Usage

```
evtxscan 0.2.0
Find time skews in an evtx file

USAGE:
    evtxscan [OPTIONS]

ARGS:
    name of the evtx file to scan

OPTIONS:
    -h, --help
            Print help information

    -N, --negative-tolerance <NEGATIVE_TOLERANCE>
            negative tolerance limit (in seconds): time skews to the past below this limit will be
            ignored [default: 5]

    -S, --show-records
            display also the contents of the records before and after a time skew

    -V, --version
            Print version information
```
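To make the tolerance semantics concrete, here is the skew check in Python, written as an added example for this README and not code from the evtxtools project (which is implemented in Rust and reads the binary evtx format directly). It assumes records are walked in record-identifier order and that the relevant timestamp is the record's SystemTime; the sample records below are constructed, not taken from a real log.

```python
from datetime import datetime

# Constructed sample: (EventRecordID, TimeCreated SystemTime) pairs, in the
# order they would be encountered when walking the file by record id.
SAMPLE_RECORDS = [
    (101, "2023-05-01T10:00:00Z"),
    (102, "2023-05-01T10:00:04Z"),
    (103, "2023-05-01T10:00:02Z"),  # 2 s backwards: within the default tolerance of 5 s
    (104, "2023-05-01T10:00:09Z"),
    (105, "2023-05-01T09:00:09Z"),  # 1 h backwards: a real time skew
    (106, "2023-05-01T09:00:10Z"),
]


def parse_system_time(value):
    """Parse an ISO 8601 SystemTime string ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_time_skews(records, negative_tolerance=5):
    """Return (previous_id, current_id, delta_seconds) for every pair of
    consecutive records whose timestamp moves backwards by more than
    negative_tolerance seconds. Jumps forward in time are never reported,
    and jumps backwards of at most the tolerance are ignored, mirroring the
    -N/--negative-tolerance option."""
    skews = []
    previous = None
    for record_id, system_time in sorted(records):  # sort by record id
        timestamp = parse_system_time(system_time)
        if previous is not None:
            prev_id, prev_timestamp = previous
            delta = (timestamp - prev_timestamp).total_seconds()
            if delta < -negative_tolerance:
                skews.append((prev_id, record_id, delta))
        previous = (record_id, timestamp)
    return skews


def records_around(records, skew):
    """Return the two records on either side of a skew, the way -S/--show-records
    prints the record before and after the jump (assumed here to be one each)."""
    by_id = dict(records)
    prev_id, cur_id, _ = skew
    return (prev_id, by_id[prev_id]), (cur_id, by_id[cur_id])


if __name__ == "__main__":
    for skew in find_time_skews(SAMPLE_RECORDS):
        before, after = records_around(SAMPLE_RECORDS, skew)
        print(f"time skew of {skew[2]:.0f} s between record {before} and {after}")
```

With the default tolerance only the one-hour jump between records 104 and 105 is reported; lowering the tolerance to 0 also surfaces the two-second jump, which on a busy system is usually just events being written out of order rather than evidence of tampering.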

evtxcat

Displays one or more events from an evtx file, selected by event record identifier, as a table or as raw JSON/XML.

Example

Usage

```
evtxcat 1.1.0
Display one or more events from an evtx file

USAGE:
    evtxcat [OPTIONS]

ARGS:
    Name of the evtx file to read from

OPTIONS:
    -F, --format        [possible values: json, xml]
    -h, --help          Print help information
    -i, --id            show only the one event with this record identifier
        --max           filter: maximal event record identifier
        --min           filter: minimal event record identifier
    -T, --hide-table    don't display the records in a table format
    -V, --version       Print version information
```