grokevt-0.5.0-2.fc25.i686.rpm



Description

grokevt - Read and process Windows Event Files

Distribution: Fedora 25
Repository: CERT Forensics Tools i386
Package name: grokevt
Package version: 0.5.0
Package release: 2.fc25
Package architecture: i686
Package type: rpm
Installed size: 145.41 KB
Download size: 56.58 KB
Official Mirror: forensics.cert.org
GrokEVT is a collection of scripts built for reading Windows NT event log files. GrokEVT is released under the GNU GPL, and is implemented in Python. GrokEVT is loosely based on the PHP script and documentation provided by Jamie French. Currently the scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Alternatives

Requires

Provides

  • grokevt = 0.5.0-2.fc25
  • grokevt(x86-32) = 0.5.0-2.fc25
  • python2.7dist(grokevt) = 0.5
  • python2dist(grokevt) = 0.5

    Download

    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install grokevt rpm package:
      # dnf --enablerepo=forensics install grokevt

    Files

    • /usr/bin/grokevt-addlog
    • /usr/bin/grokevt-builddb
    • /usr/bin/grokevt-dumpmsgs
    • /usr/bin/grokevt-findlogs
    • /usr/bin/grokevt-parselog
    • /usr/bin/grokevt-ripdll
    • /usr/etc/grokevt/systems/example/system-registry
    • /usr/etc/grokevt/systems/example/drives/c:
    • /usr/etc/grokevt/systems/example/drives/d:
    • /usr/etc/grokevt/systems/example/path-vars/%SystemDrive%
    • /usr/etc/grokevt/systems/example/path-vars/%SystemRoot%
    • /usr/lib/python2.7/site-packages/grokevt-0.5-py2.7.egg-info
    • /usr/lib/python2.7/site-packages/grokevt.py
    • /usr/lib/python2.7/site-packages/grokevt.pyc
    • /usr/lib/python2.7/site-packages/grokevt.pyo
    • /usr/share/doc/grokevt/grokevt-addlog.1.docbook
    • /usr/share/doc/grokevt/grokevt-builddb.1.docbook
    • /usr/share/doc/grokevt/grokevt-dumpmsgs.1.docbook
    • /usr/share/doc/grokevt/grokevt-findlogs.1.docbook
    • /usr/share/doc/grokevt/grokevt-parselog.1.docbook
    • /usr/share/doc/grokevt/grokevt-ripdll.1.docbook
    • /usr/share/doc/grokevt/grokevt.7.docbook
    • /usr/share/doc/grokevt/devel/format.txt
    • /usr/share/doc/grokevt/devel/references.txt
    • /usr/share/doc/grokevt/man/
    • /usr/share/doc/grokevt/man/man1/grokevt-addlog.1.gz
    • /usr/share/doc/grokevt/man/man1/grokevt-builddb.1.gz
    • /usr/share/doc/grokevt/man/man1/grokevt-dumpmsgs.1.gz
    • /usr/share/doc/grokevt/man/man1/grokevt-findlogs.1.gz
    • /usr/share/doc/grokevt/man/man1/grokevt-parselog.1.gz
    • /usr/share/doc/grokevt/man/man1/grokevt-ripdll.1.gz
    • /usr/share/doc/grokevt/man/man7/grokevt.7.gz
    • /usr/share/man/man1/grokevt-addlog.1.gz
    • /usr/share/man/man1/grokevt-builddb.1.gz
    • /usr/share/man/man1/grokevt-dumpmsgs.1.gz
    • /usr/share/man/man1/grokevt-findlogs.1.gz
    • /usr/share/man/man1/grokevt-parselog.1.gz
    • /usr/share/man/man1/grokevt-ripdll.1.gz
    • /usr/share/man/man7/grokevt.7.gz

    Changelog

    2011-06-22 - Lawrence Rogers <lrr@cert.org> 0.5.0-2
      * Release 0.5.0-2
        - Man pages incorrectly formatted

    2011-06-20 - Lawrence Rogers <lrr@cert.org> 0.5.0-1
      * Release 0.5.0-1
        This is a major code refresh release to catch up with the times. Changes include:
        - Redesigned grokevt-builddb to use RegLookup's pyregfi library instead of executing the command line tools
        - Added work-around for the fact that many Linux distributions no longer make case-insensitive filesystem mounts easy
        - Support for Python 3
        - Changed license to GPLv3
        - Various unicode and other bug fixes
