Grokevt

• grokevt-addlog(1) A tool for adding a raw event log to an existing GrokEVT database.
• grokevt-builddb(1) Builds a database tree based on a single windows system for the purpose of event log conversion.
• grokevt-dumpmsgs(1) A tool for dumping the contents of message databases built previously by grokevt-ripdll(1).
• grokevt-findlogs(1) Attempts to find log file fragments in raw binary files, such as memory dumps and disk images.
• grokevt-parselog(1) Parse a windows event log and generate human-readable output based on message resources stored in a database.
• grokevt-ripdll(1) A tool for extracting message resources from a PE-formatted file.
• grokevt(7) a collection of scripts built for reading windows event log files.