dissect.eventlog

Submodules

• dissect.eventlog.bxml
• dissect.eventlog.evt
• dissect.eventlog.evtx
• dissect.eventlog.exceptions
• dissect.eventlog.utils
• dissect.eventlog.wevt
• dissect.eventlog.wevt_object
• dissect.eventlog.wevtutil

Package Contents

Classes

Evt	Windows Event files for WinOS up until Windows XP
Evtx	Microsoft Event logs
CRIM	Start header of the WEVT_TEMPLATE

class dissect.eventlog.Evt(fh)

Windows Event files for WinOS up until Windows XP

fh

header

start_offset

end_offset

current_record_number

oldest_record_number

flags

__iter__()

class dissect.eventlog.Evtx(fh, path=None)

Microsoft Event logs

path = None

fh

header

count = 0

__iter__()

exception dissect.eventlog.BxmlException

Bases: Error

Common base class for all non-exit exceptions.

exception dissect.eventlog.Error

Bases: Exception

Common base class for all non-exit exceptions.

exception dissect.eventlog.MalformedElfChnkException

Bases: Error

Common base class for all non-exit exceptions.

exception dissect.eventlog.UnknownSignatureException

Bases: Error

Common base class for all non-exit exceptions.

class dissect.eventlog.CRIM(fh: io.BufferedReader)

Start header of the WEVT_TEMPLATE Holds the number of providers inside the template

fh

header

property file_size

Return size of the whole file.

wevt_headers()

Get the WEVT object for a specific provider