Bug#705327: grokevt-parselog: support operation without a database
pabs at debian.org
Sat Apr 13 07:15:03 UTC 2013
grokevt-parselog requires a database, but I just received some
standalone .evtx files that I want to dump and I don't have access to
the Windows partition that they are from. It would be nice if grokevt
could parse standalone .evtx files.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the forensics-devel