Evtx Parser Version 1.0.5

There's a new version of my Windows Event Log Parser available for download. Version 1.0.5 calculates the CRC32 check sums considerably faster and supports additional BinXml data types.

The most important changes in version 1.0.5 are as follows:

The various CRC32 check sums are now calculated using Digest::CRC, which is more than five times faster than Digest::Crc32. The gain in speed becomes evident when a large event log file is processed with evtxinfo.pl, which validates the check sums of every chunk. Thanks to Kristinn Gudjonsson for the suggestion.
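For readers who want to see what those check sums cover, here is an added example that verifies them in Python. It is not code from the parser (which is Perl and uses Digest::CRC); it uses zlib.crc32, which computes the same standard CRC-32 as Digest::CRC's crc32 routine. It assumes the documented EVTX layout: the file header CRC at offset 124 covers bytes 0..119, a chunk's header CRC at offset 124 covers bytes 0..119 and 128..511, and a chunk's event records CRC at offset 52 covers the bytes from 512 up to the free space offset stored at offset 48. The EVTX image it checks is constructed inside the code, not a real log.

```python
"""Verify the CRC32 check sums of an EVTX file image (file header, chunk header,
event records).  Added example, not the Perl code of the Evtx Parser.  Layout
assumptions are stated in the comments of each function."""
import struct
import zlib

FILE_HEADER_SIZE = 4096
CHUNK_SIZE = 65536


def crc32(*parts: bytes) -> int:
    """Standard CRC-32 (as in zlib and Digest::CRC) over the concatenation of parts."""
    crc = 0
    for part in parts:
        crc = zlib.crc32(part, crc)
    return crc & 0xFFFFFFFF


def file_header_crc(header: bytes) -> tuple:
    """Return (stored, computed) for the file header: CRC at offset 124 over bytes 0..119."""
    if header[:8] != b"ElfFile\x00":
        raise ValueError("not an EVTX file header")
    stored, = struct.unpack_from("<I", header, 124)
    return stored, crc32(header[:120])


def chunk_header_crc(chunk: bytes) -> tuple:
    """Return (stored, computed) for a chunk header: CRC at offset 124 over
    bytes 0..119 plus the string/template offset tables at 128..511."""
    if chunk[:8] != b"ElfChnk\x00":
        raise ValueError("not an EVTX chunk")
    stored, = struct.unpack_from("<I", chunk, 124)
    return stored, crc32(chunk[:120], chunk[128:512])


def chunk_records_crc(chunk: bytes) -> tuple:
    """Return (stored, computed) for the event records of a chunk: CRC at offset 52
    over bytes 512 up to the free space offset stored at offset 48."""
    free_space_offset, stored = struct.unpack_from("<II", chunk, 48)
    if not 512 <= free_space_offset <= CHUNK_SIZE:
        raise ValueError("implausible free space offset %d" % free_space_offset)
    return stored, crc32(chunk[512:free_space_offset])


def verify_evtx(data: bytes) -> dict:
    """Check every CRC of an in-memory EVTX image.  The chunk count comes from the
    16-bit field at file header offset 42.  Returns
    {"file_header": bool, "chunks": [(header_ok, records_ok), ...]}."""
    header = data[:FILE_HEADER_SIZE]
    stored, computed = file_header_crc(header)
    result = {"file_header": stored == computed, "chunks": []}
    chunk_count, = struct.unpack_from("<H", header, 42)
    for i in range(chunk_count):
        start = FILE_HEADER_SIZE + i * CHUNK_SIZE
        chunk = data[start:start + CHUNK_SIZE]
        if len(chunk) < CHUNK_SIZE:
            raise ValueError("truncated chunk %d" % i)
        h_stored, h_computed = chunk_header_crc(chunk)
        r_stored, r_computed = chunk_records_crc(chunk)
        result["chunks"].append((h_stored == h_computed, r_stored == r_computed))
    return result


def build_sample_evtx() -> bytes:
    """Constructed one-chunk EVTX image with correct CRCs (not a real log).  The
    'record' bytes are opaque filler: the check sums do not interpret record content."""
    records = bytes(range(256)) * 2                 # 512 bytes of filler records
    free_space = 512 + len(records)
    chunk = bytearray(CHUNK_SIZE)
    chunk[:8] = b"ElfChnk\x00"
    # first/last record number, first/last record identifier
    struct.pack_into("<QQQQ", chunk, 8, 1, 1, 1, 1)
    # header size, last record data offset, free space offset
    struct.pack_into("<III", chunk, 40, 128, 512, free_space)
    chunk[512:free_space] = records
    # records CRC first: it sits at offset 52, inside the range the header CRC covers
    struct.pack_into("<I", chunk, 52, crc32(bytes(chunk[512:free_space])))
    struct.pack_into("<I", chunk, 124, crc32(bytes(chunk[:120]), bytes(chunk[128:512])))

    header = bytearray(FILE_HEADER_SIZE)
    header[:8] = b"ElfFile\x00"
    struct.pack_into("<QQQ", header, 8, 0, 0, 2)   # first chunk, last chunk, next record id
    # header size, minor version, major version, header block size, number of chunks
    struct.pack_into("<IHHHH", header, 32, 128, 1, 3, 4096, 1)
    struct.pack_into("<I", header, 124, crc32(bytes(header[:120])))
    return bytes(header) + bytes(chunk)


if __name__ == "__main__":
    image = build_sample_evtx()
    print(verify_evtx(image))
    damaged = bytearray(image)
    damaged[FILE_HEADER_SIZE + 600] ^= 0xFF        # flip a byte inside the records
    print(verify_evtx(bytes(damaged)))
```

A records CRC that does not match is not proof of tampering by itself: a log that was copied while the service still had it open, or that was not flushed before a crash, routinely shows a chunk whose header and records were written at different times. The check sum tells you which chunks to distrust, not why.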

Mark Woan provided me with a sample file showing proper usage of type 0x12 data objects. This type clearly is a SYSTEMTIME structure, i.e. eight 16-bit fields: year, month, day of week, day, hour, minute, second and milliseconds. The parser displays the date/time in ISO 8601 format but suppresses the day-of-week field, which is redundant with the date.

I've also added support for arrays of HexInt32 and HexInt64 values (BinXml value types 0x14 and 0x15 with the array flag 0x80 set). Thanks to Christopher Ahearn for providing a sample file.
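The two additions above (the SYSTEMTIME type 0x12 and arrays of HexInt32/HexInt64) are small enough to show together. The following is an added Python example, not the parser's Perl code: it decodes a BinXml value by type, treats the 0x80 array flag as a packed sequence of fixed-size elements, renders SYSTEMTIME as ISO 8601 without the day of week, and uses the day-of-week field only as a consistency check against the date. The 0x-prefixed, zero-padded hex output and the handling of an all-zero SYSTEMTIME as "no time" are my own choices, and the sample byte strings are constructed, not taken from a real log.

```python
"""Decode BinXml value types 0x12 (SYSTEMTIME), 0x14 (HexInt32) and 0x15
(HexInt64), scalar or with the 0x80 array flag.  Added example, not code from
the Evtx Parser; sample inputs below are constructed."""
import datetime
import struct

BINXML_ARRAY_FLAG = 0x80
TYPE_SYSTEMTIME = 0x12
TYPE_HEXINT32 = 0x14
TYPE_HEXINT64 = 0x15


def decode_systemtime(data: bytes):
    """16-byte little-endian SYSTEMTIME -> 'YYYY-MM-DDTHH:MM:SS.mmm' (no day of week).

    Field order: wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond,
    wMilliseconds.  An all-zero structure is returned as None ('no time'), a
    choice of this example.  wDayOfWeek (Sunday = 0) is checked against the
    date and never printed, since it carries no information of its own.
    """
    if len(data) != 16:
        raise ValueError("SYSTEMTIME must be exactly 16 bytes, got %d" % len(data))
    if data == bytes(16):
        return None
    year, month, dow, day, hour, minute, second, millis = struct.unpack("<8H", data)
    dt = datetime.datetime(year, month, day, hour, minute, second, millis * 1000)
    # Python: Monday = 1 .. Sunday = 7; Windows: Sunday = 0 .. Saturday = 6
    if dow != dt.isoweekday() % 7:
        raise ValueError("wDayOfWeek %d does not match %s" % (dow, dt.date()))
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + ".%03d" % millis


def decode_hexint(data: bytes, width: int) -> str:
    """Unsigned little-endian integer of `width` bytes as 0x-prefixed, zero-padded hex."""
    if len(data) != width:
        raise ValueError("expected %d bytes, got %d" % (width, len(data)))
    return "0x%0*X" % (width * 2, int.from_bytes(data, "little"))


# element size and decoder for each scalar type handled here
SCALARS = {
    TYPE_SYSTEMTIME: (16, decode_systemtime),
    TYPE_HEXINT32: (4, lambda d: decode_hexint(d, 4)),
    TYPE_HEXINT64: (8, lambda d: decode_hexint(d, 8)),
}


def decode_value(value_type: int, data: bytes):
    """Decode one BinXml value.  With the 0x80 flag set, the data is a packed
    array of fixed-size elements and the element count is len(data) / size."""
    is_array = bool(value_type & BINXML_ARRAY_FLAG)
    base_type = value_type & ~BINXML_ARRAY_FLAG
    if base_type not in SCALARS:
        raise NotImplementedError("type 0x%02X is not handled in this example" % base_type)
    size, decoder = SCALARS[base_type]
    if not is_array:
        return decoder(data)
    if len(data) % size:
        raise ValueError("array of type 0x%02X: %d bytes is not a multiple of %d"
                         % (base_type, len(data), size))
    return [decoder(data[i:i + size]) for i in range(0, len(data), size)]


# Constructed samples (not from a real event log).  15 March 2012 was a Thursday (4).
SAMPLE_SYSTEMTIME = struct.pack("<8H", 2012, 3, 4, 15, 9, 30, 45, 123)
SAMPLE_BAD_DOW = struct.pack("<8H", 2012, 3, 0, 15, 9, 30, 45, 123)   # claims Sunday
SAMPLE_HEXINT32_ARRAY = struct.pack("<3I", 0x1, 0xC0000005, 0xDEADBEEF)
SAMPLE_HEXINT64_ARRAY = struct.pack("<2Q", 0x7FF6A1B20000, 0xFFFFFFFFFFFFFFFF)

if __name__ == "__main__":
    print(decode_value(TYPE_SYSTEMTIME, SAMPLE_SYSTEMTIME))
    print(decode_value(TYPE_HEXINT32 | BINXML_ARRAY_FLAG, SAMPLE_HEXINT32_ARRAY))
    print(decode_value(TYPE_HEXINT64 | BINXML_ARRAY_FLAG, SAMPLE_HEXINT64_ARRAY))
```

Rejecting a SYSTEMTIME whose day of week disagrees with its date is stricter than Windows itself is; it is useful in a parser because a disagreement almost always means the bytes were interpreted at the wrong offset or with the wrong type, which is exactly the kind of mistake a new sample file tends to expose.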

Imprint

This blog is a project of:
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
impressum@forensikblog.de

Copyright © 2005-2012 by
Andreas Schuster
All rights reserved.