Enhancing Event Log Analysis with EvtxEcmd using KAPE скачать в хорошем качестве

Enhancing Event Log Analysis with EvtxEcmd using KAPE

How much time are you spending manually parsing and sorting event logs? With EvtxECmd, digital forensics professionals can optimize Windows event log analysis through its unique mapping feature. Created by Eric Zimmerman, EvtxECmd can be called via the EZParser module in KAPE (another tool created by Eric Zimmerman) to process thousands of events in seconds and create structured CSV files that are much easier to read and manipulate. In this session, Kroll’s Andrew Rathbun demonstrates how to run EvtxECmd through KAPE to expedite event log analysis and how to create your own custom maps. This webinar covers: Understand the basic KAPE workflow with the EZParser module that calls EvtxECmd The general outputs from EZParser and how they are formatted How EvtxEcmd’s unique mapping feature works What a map looks like with EvtxECmd and how to create one on your own Tools used in this session: KAPE – free download here Eric Zimmerman tools – https://ericzimmerman.github.io/ More about Andrew Rathbun:   / andrewrathbun   Learn more about KAPE: https://www.kroll.com/en/services/cyb...