grokevt-0.5.0-2.fc29.i686.rpm

Description

grokevt - Read and process Windows Event Files

Property Value
Distribution Fedora 29
Repository CERT Forensics Tools i386
Package filename grokevt-0.5.0-2.fc29.i686.rpm
Package name grokevt
Package version 0.5.0
Package release 2.fc29
Package architecture i686
Package type rpm
Category Applications/Forensics Tools
Homepage http://projects.sentinelchicken.org/grokevt/
License GPL
Maintainer -
Download size 56.31 KB
Installed size 145.40 KB
GrokEVT is a collection of scripts built for reading Windows NT event
log files. GrokEVT is released under the GNU GPL, and is implemented
in Python. GrokEVT is loosely based on the PHP script and documentation
provided by Jamie French.
Currently the scripts work together on one or more mounted Windows
partitions to extract all information needed (registry entries, message
templates, and log files) to convert the logs to a human-readable format.

Alternatives

Package Version Architecture Repository
grokevt-0.5.0-2.fc29.x86_64.rpm 0.5.0 x86_64 CERT Forensics Tools
grokevt - - -

Requires

Name Value
/usr/bin/python2 -
/usr/bin/sh -
python(abi) = 2.7

Provides

Name Value
grokevt = 0.5.0-2.fc29
grokevt(x86-32) = 0.5.0-2.fc29
python2.7dist(grokevt) = 0.5
python2dist(grokevt) = 0.5

Download

Type URL
Mirror forensics.cert.org
Binary Package grokevt-0.5.0-2.fc29.i686.rpm
Source Package grokevt-0.5.0-2.fc29.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-29 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-29.rpm
  2. Install cert-forensics-tools-release-29 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install grokevt rpm package:
    # dnf --enablerepo=forensics install grokevt

Files

Path
/usr/bin/grokevt-addlog
/usr/bin/grokevt-builddb
/usr/bin/grokevt-dumpmsgs
/usr/bin/grokevt-findlogs
/usr/bin/grokevt-parselog
/usr/bin/grokevt-ripdll
/usr/etc/grokevt/systems/example/system-registry
/usr/etc/grokevt/systems/example/drives/c:
/usr/etc/grokevt/systems/example/drives/d:
/usr/etc/grokevt/systems/example/path-vars/%SystemDrive%
/usr/etc/grokevt/systems/example/path-vars/%SystemRoot%
/usr/lib/python2.7/site-packages/grokevt-0.5-py2.7.egg-info
/usr/lib/python2.7/site-packages/grokevt.py
/usr/lib/python2.7/site-packages/grokevt.pyc
/usr/lib/python2.7/site-packages/grokevt.pyo
/usr/share/doc/grokevt/grokevt-addlog.1.docbook
/usr/share/doc/grokevt/grokevt-builddb.1.docbook
/usr/share/doc/grokevt/grokevt-dumpmsgs.1.docbook
/usr/share/doc/grokevt/grokevt-findlogs.1.docbook
/usr/share/doc/grokevt/grokevt-parselog.1.docbook
/usr/share/doc/grokevt/grokevt-ripdll.1.docbook
/usr/share/doc/grokevt/grokevt.7.docbook
/usr/share/doc/grokevt/devel/format.txt
/usr/share/doc/grokevt/devel/references.txt
/usr/share/doc/grokevt/man/
/usr/share/doc/grokevt/man/man1/grokevt-addlog.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-builddb.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-dumpmsgs.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-findlogs.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-parselog.1.gz
/usr/share/doc/grokevt/man/man1/grokevt-ripdll.1.gz
/usr/share/doc/grokevt/man/man7/grokevt.7.gz
/usr/share/man/man1/grokevt-addlog.1.gz
/usr/share/man/man1/grokevt-builddb.1.gz
/usr/share/man/man1/grokevt-dumpmsgs.1.gz
/usr/share/man/man1/grokevt-findlogs.1.gz
/usr/share/man/man1/grokevt-parselog.1.gz
/usr/share/man/man1/grokevt-ripdll.1.gz
/usr/share/man/man7/grokevt.7.gz

See Also

Package Description
guymager-0.8.11-2.fc29.i686.rpm Imager for forensic media acquisition
hachoir-core-1.3.4-1.fc29.noarch.rpm Library for carving binary files
hachoir-metadata-1.3.3-2.fc29.noarch.rpm Extracts metadata from multimedia files
hachoir-parser-1.3.5-1.fc29.noarch.rpm File format parser for hachoir suite
hachoir-regex-1.0.5-1.fc29.noarch.rpm A Python library for regular expression (regex or regexp) manipulation
hachoir-subfile-0.5.3-1.fc29.noarch.rpm A tool based on hachoir-parser to find subfiles in any binary stream
hachoir-urwid-1.1-1.fc29.noarch.rpm A binary file explorer based on Hachoir library to parse the files
hachoir-wx-0.3.1-1.fc29.noarch.rpm A wxWidgets-based program that provides a user-friendly interface to hachoir-parser
jafat-1.1.6-2.fc29.i686.rpm JAFAT is an assortment of tools to assist in the forensic investigation of computer systems
jdkshim-1.0-1.fc29.noarch.rpm jdkshim - this package provides the dependencies needed by Oracle's JDK that are not provided by coreutils in Fedora 29
kracked-0.1-1.fc29.i686.rpm kracked - create word lists from files
libagdb-20181101-1.i686.rpm Library to access the Windows SuperFetch database (AGDB) file format
libagdb-devel-20181101-1.i686.rpm Header files and libraries for developing applications for libagdb
libagdb-tools-20181101-1.i686.rpm Several tools for accessing Windows SuperFetch database (AGDB) files
libavdevice-4.0.2-8.fc29.i686.rpm Special devices muxing/demuxing library