Log Parser
26. March 2012 by Ric.
Had an instance where Log2timeline would not work on .evtx files for whatever reason. Decided to try Log Parser v2.2 and it works. I had a bunch of .evtx files and wanted to parse them into one .xlsx file for easy sorting and searching.
I used the command line:
logparser -i:EVT -o:CSV "SELECT * FROM e:\directory\*.*" > c:\output.csv
Haven’t figured out how to recursively pass through multiple directories.
Ric
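One way to cover nested directories, as an added example that is not part of the original post: PowerShell enumerates the .evtx files recursively and runs Log Parser once per file, appending everything to a single CSV. The paths are placeholders, logparser.exe is assumed to be on PATH, and the `INTO` clause with the CSV output options `-fileMode:0` and `-headers:AUTO` is used here in place of the post's stdout redirection.

```powershell
# Added example: walk a directory tree and parse every .evtx file into one CSV.
# $Root and $Out are placeholder paths; logparser.exe (v2.2) is assumed to be on PATH.
$Root = 'E:\directory'
$Out  = 'C:\output.csv'

# Start clean so rows from an earlier run are not mixed into this one.
if (Test-Path -LiteralPath $Out) { Remove-Item -LiteralPath $Out }

$failed = @()
$files  = @(Get-ChildItem -Path $Root -Recurse -File -Filter *.evtx | Sort-Object FullName)

foreach ($f in $files) {
    # Single quotes let Log Parser accept paths that contain spaces.
    $query = "SELECT * INTO '$Out' FROM '$($f.FullName)'"

    # -fileMode:0 appends to the CSV; -headers:AUTO writes the header row
    # only when the output file is first created.
    & logparser.exe -i:EVT -o:CSV -fileMode:0 -headers:AUTO $query | Out-Null

    # Keep track of files Log Parser could not read (for example a damaged log)
    # so a gap in the combined output is visible instead of silent.
    if ($LASTEXITCODE -ne 0) {
        $failed += $f.FullName
    }
}

"{0} file(s) parsed, {1} failed" -f ($files.Count - $failed.Count), $failed.Count
$failed | ForEach-Object { "FAILED: $_" }
```

The EventLog column in the output holds the source file of each row, so events can still be traced back to the log they came from after the merge.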