OSForensics™ now inlcudes the Event Log Viewer, which allows users to view and examine event logs created by Windows Vista and beyond. It supports event logs with file extension .evtx located in the %System32%\winevt\Logs directory.
Some of the main features are:
- Allows to scan a drive or folder for loading a few Windows Event logs from different systems
- Supports Windows built-in Event Viewer-like viewing mode and advanced timeline chart view
- Advanced filtering options to locate interesting events quickly
- Customizable preset lists to filter forensically interesting Event IDs
- Supports Regular Expressions pattern search to peform a comprehensive analysis
- Export events to CSV, TXT or HTML
