dissect.eventlog.evt
Module Contents
Classes
Windows Event files for WinOS up until Windows XP
Functions
Requires a chunk that starts with EVENTLOGRECORD header
Attributes
- dissect.eventlog.evt.c_evt
- dissect.eventlog.evt.EVENTLOGRECORD_SIZE
- dissect.eventlog.evt.Record
- dissect.eventlog.evt.BLOCK_SIZE = 4096
- dissect.eventlog.evt.DIRTY_NEEDLE
- dissect.eventlog.evt.find_needle(fh, needle)
- dissect.eventlog.evt.parse_record(record, buf)
- dissect.eventlog.evt.reprsid(s)
- dissect.eventlog.evt.is_eof_record(record)
- dissect.eventlog.evt.is_header_record(record)
- dissect.eventlog.evt.parse_chunk(chunk)
  Requires a chunk that starts with EVENTLOGRECORD header