grokevt-0.5.0-2.fc25.x86_64.rpm

Description

grokevt - Read and process Windows Event Files

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools x86_64
Package name grokevt
Package version 0.5.0
Package release 2.fc25
Package architecture x86_64
Package type rpm
Installed size 145.41 KB
Download size 56.64 KB
Official Mirror forensics.cert.org
GrokEVT is a collection of scripts built for reading Windows NT event
log files. GrokEVT is released under the GNU GPL, and is implemented
in Python. GrokEVT is loosely based on the PHP script and documentation
provided by Jamie French.
Currently the scripts work together on one or more mounted Windows
partitions to extract all information needed (registry entries, message
templates, and log files) to convert the logs to a human-readable format.

Alternatives

Package Version Architecture Repository
grokevt-0.5.0-2.fc25.i686.rpm 0.5.0 i686 CERT Forensics Tools
grokevt - - -

Requires

Name Value
/usr/bin/env -
/usr/bin/python -
python(abi) = 2.7

Provides

Name Value
grokevt = 0.5.0-2.fc25
grokevt(x86-64) = 0.5.0-2.fc25
python2.7dist(grokevt) = 0.5
python2dist(grokevt) = 0.5

Download

Type URL
Binary Package grokevt-0.5.0-2.fc25.x86_64.rpm
Source Package grokevt-0.5.0-2.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-25.rpm
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install grokevt rpm package:
    # dnf --enablerepo=forensics install grokevt

Files

Path
/usr/bin/grokevt-addlog
/usr/bin/grokevt-builddb
/usr/bin/grokevt-dumpmsgs
/usr/bin/grokevt-findlogs
/usr/bin/grokevt-parselog
/usr/bin/grokevt-ripdll
/usr/etc/grokevt/systems/example/system-registry
/usr/etc/grokevt/systems/example/drives/c:
/usr/etc/grokevt/systems/example/drives/d:
/usr/etc/grokevt/systems/example/path-vars/%SystemDrive%
/usr/etc/grokevt/systems/example/path-vars/%SystemRoot%
/usr/lib/python2.7/site-packages/grokevt-0.5-py2.7.egg-info
/usr/lib/python2.7/site-packages/grokevt.py
/usr/lib/python2.7/site-packages/grokevt.pyc
/usr/lib/python2.7/site-packages/grokevt.pyo
/usr/share/doc/grokevt/grokevt-addlog.1.docbook
/usr/share/doc/grokevt/grokevt-builddb.1.docbook
/usr/share/doc/grokevt/grokevt-dumpmsgs.1.docbook
/usr/share/doc/grokevt/grokevt-findlogs.1.docbook
/usr/share/doc/grokevt/grokevt-parselog.1.docbook
/usr/share/doc/grokevt/grokevt-ripdll.1.docbook
/usr/share/doc/grokevt/grokevt.7.docbook
/usr/share/doc/grokevt/devel/format.txt
/usr/share/doc/grokevt/devel/references.txt
/usr/share/doc/grokevt/man/
/usr/share/doc/grokevt/man/man1/grokevt-addlog.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-builddb.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-dumpmsgs.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-findlogs.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-parselog.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-ripdll.1.gz
/usr/share/doc/grokevt/man/man7/grokevt.7.gz
/usr/share/man/man1/grokevt-addlog.1.gz
/usr/share/man/man1/grokevt-builddb.1.gz
/usr/share/man/man1/grokevt-dumpmsgs.1.gz
/usr/share/man/man1/grokevt-findlogs.1.gz
/usr/share/man/man1/grokevt-parselog.1.gz
/usr/share/man/man1/grokevt-ripdll.1.gz
/usr/share/man/man7/grokevt.7.gz

Changelog

2011-06-22 - Lawrence Rogers <lrr@cert.org> 0.5.0-2
* Release 0.5.0-2
Man pages incorrectly formatted
2011-06-20 - Lawrence Rogers <lrr@cert.org> 0.5.0-1
* Release 0.5.0-1
This is a major code refresh release to catch up with the times. Changes include:
  - Redesigned grokevt-builddb to use RegLookup's pyregfi library instead of executing the command line tools
  - Added work-around for the fact that many Linux distributions no longer make case-insensitive filesystem mounts easy
  - Support for Python 3
  - Changed license to GPLv3
  - Various unicode and other bug fixes

See Also

Package Description
guymager-0.8.1-1.fc25.x86_64.rpm Imager for forensic media acquisition
guymager-0.8.4-1.fc25.x86_64.rpm Imager for forensic media acquisition
guymager-0.8.7-1.fc25.x86_64.rpm Imager for forensic media acquisition
guymager-0.8.7-2.fc25.x86_64.rpm Imager for forensic media acquisition
guymager-0.8.8-1.fc25.x86_64.rpm Imager for forensic media acquisition
hachoir-core-1.3.4-1.fc25.noarch.rpm Library for carving binary files
hachoir-metadata-1.3.3-2.fc25.noarch.rpm Extracts metadata from multimedia files
hachoir-parser-1.3.5-1.fc25.noarch.rpm File format parser for hachoir suite
hachoir-regex-1.0.5-1.fc25.noarch.rpm A Python library for regular expression (regex or regexp) manipulation
hachoir-subfile-0.5.3-1.fc25.noarch.rpm A tool based on hachoir-parser to find subfiles in any binary stream
hachoir-urwid-1.1-1.fc25.noarch.rpm A binary file explorer based on Hachoir library to parse the files
hachoir-wx-0.3.1-1.fc25.noarch.rpm A wxWidgets-based program that provides a user-friendly interface to hachoir-parser
ip4r-2.0.2-1.fc25.x86_64.rpm IPv4 and IPv4 range index types for PostgreSQL
jafat-1.1.6-2.fc25.x86_64.rpm JAFAT is an assortment of tools to assist in the forensic investigation of computer systems
kracked-0.1-1.fc25.x86_64.rpm kracked - create word lists from files