How much time are you spending manually parsing and sorting event logs? With EvtxECmd, digital forensics professionals can optimize Windows event log analysis through its unique mapping feature. Created by Eric Zimmerman, EvtxECmd can be called via the EZParser module in KAPE (another tool created by Eric Zimmerman) to process thousands of events in seconds and create structured CSV files that are much easier to read and manipulate.
In this session, Kroll’s Andrew Rathbun will demonstrate how to run EvtxECmd through KAPE to expedite event log analysis and how to create your own custom maps.
Watch the on-demand Webcast Now.
Key Takeaways
- Understand the basic KAPE workflow with the EZParser module that calls EvtxECmd
- The general outputs from EZParser and how they are formatted
- How EvtxEcmd’s unique mapping feature works
- What a map looks like with EvtxECmd and how to create one on your own
Tools used in this session:
- KAPE – free download here
- Eric Zimmerman tools – https://ericzimmerman.github.io/
Speaker: Andrew Rathbun, Senior Associate, Cyber Risk, Kroll