horensic/evtxrensic

EVTXRENSIC

EVTXRENSIC is a tool for analyzing and visualizing Windows 7 and Windows 10 Event Logs (EVTX files) in order to derive meaningful information from them.

What is "EVTXRENSIC"?

The EVTXRENSIC project was started to address the issues raised in the KDFS 2017 challenge, quoted below.

Windows Event Log analysis enables you to understand not only the user's behavior but also the state in which the system is operating, so it can be used effectively in company audits, incident response, malicious code analysis, and confidential leakage cases in digital forensic analysis.

However, in most digital forensic investigations, it is more difficult to derive meaningful information from Windows Event Log analysis. This is because Windows has different event IDs per version, and there is not enough effective technology for filtering the necessary records from the Windows event log and investigating them.

— Introduction, KDFS 2017 Challenge, Korea Digital Forensic Research Center.
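The problem the challenge describes, picking the records that matter out of an Event Log and lining them up across channels, is shown below as an added example. This is not code from the EVTXRENSIC project; it assumes the .evtx file has already been rendered to XML (for instance with `wevtutil qe Security /f:xml` or python-evtx), and it works on a few constructed sample records rather than a real log. The event IDs used (4624 logon, 4672 special privileges, 7045 service install) are the standard Security and System log IDs for Windows Vista and later; the per-version ID table the challenge mentions is not reproduced here.

```python
"""Filter rendered EVTX records by event ID, channel and EventData fields.

Added example; not part of the EVTXRENSIC project. Assumes records were already
rendered from .evtx to XML (wevtutil / python-evtx); the binary container is
out of scope here.
"""
import xml.etree.ElementTree as ET

# Namespace carried by every rendered EVTX record (Windows Vista and later).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records, NOT taken from a real host. Well-known IDs:
# 4624 = successful logon, 4672 = special privileges assigned, 7045 = service installed.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2017-09-01T08:15:02.000000Z"/><Channel>Security</Channel>
  <Computer>WS01.example.local</Computer></System>
 <EventData><Data Name="TargetUserName">alice</Data><Data Name="LogonType">10</Data>
  <Data Name="IpAddress">10.0.0.5</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2017-09-01T08:15:40.000000Z"/><Channel>Security</Channel>
  <Computer>WS01.example.local</Computer></System>
 <EventData><Data Name="TargetUserName">SYSTEM</Data><Data Name="LogonType">5</Data>
  <Data Name="IpAddress">-</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4672</EventID>
  <TimeCreated SystemTime="2017-09-01T08:15:03.000000Z"/><Channel>Security</Channel>
  <Computer>WS01.example.local</Computer></System>
 <EventData><Data Name="SubjectUserName">alice</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Service Control Manager"/><EventID>7045</EventID>
  <TimeCreated SystemTime="2017-09-01T08:16:10.000000Z"/><Channel>System</Channel>
  <Computer>WS01.example.local</Computer></System>
 <EventData><Data Name="ServiceName">UpdaterSvc</Data>
  <Data Name="ImagePath">C:\\Users\\Public\\updater.exe</Data></EventData>
</Event>
</Events>"""


def parse_events(xml_text):
    """Return the <Event> elements from a rendered-XML dump."""
    root = ET.fromstring(xml_text)
    return root.findall("e:Event", NS)


def event_summary(ev):
    """Flatten one <Event> into a dict: System header fields plus EventData name/value pairs."""
    sysel = ev.find("e:System", NS)
    return {
        "event_id": int(sysel.findtext("e:EventID", namespaces=NS)),
        "channel": sysel.findtext("e:Channel", namespaces=NS),
        "time": sysel.find("e:TimeCreated", NS).get("SystemTime"),
        "computer": sysel.findtext("e:Computer", namespaces=NS),
        "provider": sysel.find("e:Provider", NS).get("Name"),
        "data": {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)},
    }


def filter_events(events, event_ids=None, channel=None, **data_filters):
    """Keep records matching all given criteria; data_filters compare EventData values as strings."""
    kept = []
    for s in map(event_summary, events):
        if event_ids and s["event_id"] not in event_ids:
            continue
        if channel and s["channel"] != channel:
            continue
        if any(s["data"].get(k) != v for k, v in data_filters.items()):
            continue
        kept.append(s)
    return kept


def timeline(summaries):
    """Order records by TimeCreated so Security and System events read as one sequence."""
    return sorted(summaries, key=lambda s: s["time"])


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    # Remote-interactive (RDP) logons only: LogonType 10.
    for s in filter_events(evs, event_ids={4624}, LogonType="10"):
        print("RDP logon:", s["data"]["TargetUserName"], "from", s["data"]["IpAddress"])
    for s in timeline(filter_events(evs)):
        print(s["time"], s["channel"], s["event_id"], s["provider"])
```

On a real dump the record count runs into the millions, so the filtering here would be done while streaming (`ET.iterparse`) rather than after loading everything; the criteria and the per-record flattening stay the same.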


Planned Architecture Map


Contents


Screenshot

Collaboration with Kim, Shin Ah