Enhancing Event Log Analysis with EvtxECmd using KAPE

March 30, 2021 | (Online)
Webcast

How much time are you spending manually parsing and sorting event logs? With EvtxECmd, digital forensics professionals can optimize Windows event log analysis through its unique mapping feature. Created by Eric Zimmerman, EvtxECmd can be called via the EZParser module in KAPE (another tool created by Eric Zimmerman) to process thousands of events in seconds and create structured CSV files that are much easier to read and manipulate.

In this session, Kroll’s Andrew Rathbun will demonstrate how to run EvtxECmd through KAPE to expedite event log analysis and how to create your own custom maps. 

Watch the on-demand Webcast Now.

Key Takeaways

  • Understand the basic KAPE workflow with the EZParser module that calls EvtxECmd 
  • The general outputs from EZParser and how they are formatted 
  • How EvtxECmd’s unique mapping feature works
  • What a map looks like with EvtxECmd and how to create one on your own

Tools used in this session:


Speaker: Andrew Rathbun, Senior Associate, Cyber Risk, Kroll
