Re: Workarounds for Windows Event File corruption

> > http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
>
> Thanks! That's a great resource. I love codeproject, they've often got
> stuff for use in forensics even though they're a developer site. 
>
> I'll check this structure format against my log copy. I ended up
> getting the log date/times via booting an image of the original drive
> which I'd like to avoid in the future. 


I know this thread is about dead, but I thought I would mention that I
have taken it upon myself to try and take Malik's work and build on it
to create a fully working event log parser that runs only on Linux.  I
have a more accurate picture now about how the log records are
formatted, and am in the process of working out how to get the necessary
message resources moved over to Linux.  If anyone is interested in
helping me on this project, or would just like to know more about the
log record format, let me know.

thanks,
tim

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com