EvtxCarv

2015. 2. 4. 09:17 from Uncategorized


by Chanung Pak, Jaeman Park, HyeonGyu Jang


EvtxCarv is a forensic tool for carving fragmented Evtx files.


Supported platforms


  • Windows (VS 2010) C++

Usage

Execute EvtxCarv to analyze an image file:

EvtxCarv.exe (-r|-c) 'target image path' 'output path'

Options
    --record   (-r)    : Recover by record
    --complete (-c)    : Recover by chunk

Examples of usage

EvtxCarv.exe -c c:\image.raw c:\output\
EvtxCarv.exe -r image.raw output
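
What carving by chunk versus by record can each recover, as an added illustration that is not EvtxCarv's own code: it assumes the publicly documented EVTX layout (64 KiB chunks that start with the ElfChnk signature, records that start with 2a 2a 00 00 and end with a copy of their size field). All function names and the sample image are constructed for this example.

```python
import struct

CHUNK_MAGIC = b"ElfChnk\x00"         # chunk header signature
RECORD_MAGIC = b"\x2a\x2a\x00\x00"   # event record signature
CHUNK_SIZE = 0x10000                 # a chunk is 64 KiB, with a 512-byte header
MIN_RECORD = 28                      # 24-byte record header + 4-byte size copy

def find_all(data, needle):
    pos = data.find(needle)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)

def carve_chunks(data):
    """Offsets of whole chunks: signature, room for 64 KiB, header-size field 128."""
    return [off for off in find_all(data, CHUNK_MAGIC)
            if off + CHUNK_SIZE <= len(data)
            and struct.unpack_from("<I", data, off + 40)[0] == 128]

def carve_records(data):
    """(offset, record id) of records whose size field equals its trailing copy."""
    hits = []
    for off in find_all(data, RECORD_MAGIC):
        if off + MIN_RECORD > len(data):
            continue
        size, rec_id = struct.unpack_from("<IQ", data, off + 4)
        if not MIN_RECORD <= size <= CHUNK_SIZE - 512 or off + size > len(data):
            continue
        if struct.unpack_from("<I", data, off + size - 4)[0] == size:
            hits.append((off, rec_id))
    return hits

def orphan_records(data):
    """Records outside every carved chunk: found by record scan only."""
    chunks = carve_chunks(data)
    return [(off, rec_id) for off, rec_id in carve_records(data)
            if not any(c <= off < c + CHUNK_SIZE for c in chunks)]

def make_record(rec_id, payload):
    # Constructed record; payload is filler standing in for the binary XML body
    size = 24 + len(payload) + 4
    return RECORD_MAGIC + struct.pack("<IQQ", size, rec_id, 0) + payload + struct.pack("<I", size)

def make_image():
    """Constructed image: one intact chunk (records 1, 2), then orphaned record 7."""
    header = CHUNK_MAGIC + struct.pack("<4QI", 1, 2, 1, 2, 128)
    body = make_record(1, b"A" * 40) + make_record(2, b"B" * 16)
    chunk = (header.ljust(512, b"\x00") + body).ljust(CHUNK_SIZE, b"\x00")
    return b"\xff" * 1000 + chunk + b"\xff" * 300 + make_record(7, b"C" * 8) + b"\xff" * 100
```

On the constructed image the chunk scan finds the single chunk at offset 1000, while the record scan also returns record 7, which sits outside any chunk and would be missed by a chunk-only pass.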

License

DFRC@KU

Feedback

Please submit feedback via the EvtxCarv tracker.

Author: Chanung Pak (kkoha@msn.com)


Download

https://github.com/kkoha/EvtxCarv/

Posted by kkoha