Description: In this video I use the Perl file evtparse.pl to extract information from an .evt file in a Windows XP operating system. The .evt files are used with the Event Viewer in Windows, and I was able to pull the information out of the files and redirect it to a text file I created. For more information visit Lecture Snippets at http://lecturesnippets.com
Tags: evtparse.pl, forensic
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
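What an evtparse-style extraction does under the hood, as an added Python example that is not the video's or the tool's own code: it carves EVENTLOGRECORD structures out of raw .evt bytes by their "LfLe" signature and returns the record number, time, event ID, type, source, computer and insertion strings as dicts. The field layout follows the documented EVENTLOGRECORD structure; the sample bytes (a file header plus two records with made-up values) are constructed inline, and SIDs and the binary data block are not decoded.

```python
import struct
from datetime import datetime, timezone
EVT_MAGIC = b"LfLe"               # signature at offset 4 of the file header and of every EVENTLOGRECORD
EVT_HEADER_FMT = "<I4sIIII4H6I"   # the fixed 56-byte EVENTLOGRECORD header
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Audit Success", 16: "Audit Failure"}

def _read_utf16z(buf, off):
    """Read a NUL-terminated UTF-16LE string at off; return (text, offset past the terminator)."""
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le", errors="replace"), end + 2

def parse_evt_records(data):
    """Carve EVENTLOGRECORDs from raw .evt bytes by scanning for LfLe (works on fragments too)."""
    records, pos = [], data.find(EVT_MAGIC)
    while pos >= 4:
        start, length = pos - 4, struct.unpack_from("<I", data, pos - 4)[0]
        # Sanity checks: room for the fixed header, record fits the buffer, closing Length matches.
        ok = (length >= 60 and start + length <= len(data)
              and data[start + length - 4:start + length] == data[start:start + 4])
        if not ok:  # the 48-byte file header also carries LfLe; it fails the size test and is skipped
            pos = data.find(EVT_MAGIC, pos + 1)
            continue
        f = struct.unpack_from(EVT_HEADER_FMT, data, start)
        rec = data[start:start + length]
        source, off = _read_utf16z(rec, 56)     # SourceName, then ComputerName, follow the header
        computer, _ = _read_utf16z(rec, off)
        strings, off = [], f[11]                 # f[11] = StringOffset, f[7] = NumStrings
        for _ in range(f[7]):
            s, off = _read_utf16z(rec, off)
            strings.append(s)
        records.append({"record_number": f[2], "event_id": f[5] & 0xFFFF,  # low word = Event Viewer ID
                        "time_generated": datetime.fromtimestamp(f[3], tz=timezone.utc).isoformat(),
                        "event_type": EVENT_TYPES.get(f[6], "Unknown"),
                        "source": source, "computer": computer, "strings": strings})
        pos = data.find(EVT_MAGIC, start + length)
    return records

def build_evt_record(rec_num, t_gen, event_id, ev_type, source, computer, strings):
    """Build one EVENTLOGRECORD; used only to construct test data (not taken from a real log)."""
    names = source.encode("utf-16-le") + b"\x00\x00" + computer.encode("utf-16-le") + b"\x00\x00"
    body = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    length = 56 + len(names) + len(body) + 4
    hdr = struct.pack(EVT_HEADER_FMT, length, EVT_MAGIC, rec_num, t_gen, t_gen, event_id, ev_type,
                      len(strings), 0, 0, 0, 56 + len(names), 0, 0, 0, length - 4)
    return hdr + names + body + struct.pack("<I", length)
# Constructed sample .evt: a 48-byte ELF_LOGFILE_HEADER (also signed LfLe) followed by two records.
SAMPLE_EVT = (struct.pack("<I4s10I", 48, EVT_MAGIC, 1, 1, 48, 0, 0, 0, 0, 0, 0, 48)
              + build_evt_record(1, 1325376000, 6005, 4, "EventLog", "XP-LAB", [])
              + build_evt_record(2, 1325376060, 529, 16, "Security", "XP-LAB", ["guest", "XP-LAB", "2"]))
```

Because it scans for the record signature instead of trusting the file header's offsets, the same function also recovers records from a copied or partially overwritten log; since the live Sysevent/Appevent/Secevent files stay open, run it against a copy taken from an image.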
The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed. The EventLog service cannot be stopped because it is required by other services, thus the files are always open.
It was very interesting to extract the information with evtparse.pl.
thanks
The tool is awesome, no doubt. Have a look at the Python code of evtparse.pl:
http://code.google.com/p/revealertoolkit/source/browse/trunk/tools/evtparse.pl