Sentinel Chicken Networks  

GrokEVT Project News

2011-06-20 - Version 0.5.0 Released

This is a major code refresh release to catch up with the times. Changes include:
  • Redesigned grokevt-builddb to use RegLookup's pyregfi library instead of executing the command line tools
  • Added work-around for the fact that many Linux distributions no longer make case-insensitive filesystem mounts easy
  • Support for Python 3
  • Changed license to GPLv3
  • Various unicode and other bug fixes

2008-03-20 - Version 0.4.1 Released

This is a minor bug fix release, including the following small changes:
  • Fixed a bug in grokevt-builddb which prevented it from working on certain broken registry configurations. Improved other validation and added verbose messages as well.
  • Changed the default example configuration tree to use paths more commonly found in recent versions of Windows.
No feature changes were made in this version.

2007-03-29 - Version 0.4.0 Released

This is a major release, including several new features:
  • Added grokevt-findlogs script, which can accurately detect individual log entries in raw binary files (such as memory dumps or disk partitions).
  • Added grokevt-dumpmsgs script, which can be used to display the log message templates stored in GrokEVT's databases.
  • Converted man pages to docbook templates.

2007-02-27 - Version 0.3.1 Released

This is a minor bugfix release. Changes include:
  • Added a workaround for buggy data (trailing NULs in filenames) sometimes found in registry entries.
  • Fixed a reglookup/grokevt-builddb deadlock experienced by some users.
No feature changes were made in this version.

2006-05-24 - Version 0.3.0 Released

This version constitutes a major update to the package. Changes include:
  • Added initial unicode support. Windows UTF-16 is properly read from logs and output is optionally produced in UTF-8.
  • Added new option for printing log meta information, which is helpful in debugging and in determining a log's level of corruption.
  • A new script, grokevt-addlog, has been introduced. This allows one to add raw log files to an existing message template database, which is useful for analyzing deleted log fragments obtained from disk blocks or memory dumps.
  • Improved extraction of messages from DLLs.
  • Updated log parsing algorithm. This much more correct implementation now has initial support for wrapped log files and should fare better with fragmentary logs.
  • Multiple bug fixes and improved exception handling.
Due to minor changes in the message database format, databases generated with older versions are not compatible with this new version, and databases generated with this new release will not work with older releases. If this presents a major problem for some users, a conversion script may be released later to update older databases.
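The two capabilities named above, locating individual log entries inside raw binary data (the grokevt-findlogs script of 0.4.0) and decoding the UTF-16 text that Windows stores in them (the 0.3.0 unicode work), are easier to reason about with a concrete record walker. The following is an added example, not GrokEVT's own code: it assumes the EVENTLOGRECORD layout documented by Microsoft (a 4-byte length, the "LfLe" signature, fixed header fields, NUL-terminated UTF-16LE source and computer names, the insertion strings, and the length repeated at the end), builds a constructed sample blob with two records and a decoy signature, and carves the records back out. The 1 MiB record cap is a heuristic of this example, not a limit of the format.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

EVT_MAGIC = b"LfLe"                      # signature at byte 4 of every EVENTLOGRECORD
RECORD_FMT = "<I4sIIIIHHHHIIIIII"        # fixed-size part of EVENTLOGRECORD, little-endian
FIXED_LEN = struct.calcsize(RECORD_FMT)  # 56 bytes
MAX_RECORD = 1 << 20                     # carver sanity cap (heuristic chosen for this example)


@dataclass
class EvtRecord:
    offset: int            # where in the blob the record starts
    length: int
    record_number: int
    time_generated: int    # seconds since 1970-01-01 UTC, as stored in the record
    event_id: int
    event_type: int
    source_name: str
    computer_name: str
    strings: List[str] = field(default_factory=list)


def read_utf16z(buf: bytes, pos: int, end: int) -> Tuple[str, int]:
    """Decode a NUL-terminated UTF-16LE string in buf[pos:end]; return (text, position after the NUL)."""
    cur = pos
    while cur + 2 <= end and buf[cur:cur + 2] != b"\x00\x00":
        cur += 2
    return buf[pos:cur].decode("utf-16-le", errors="replace"), cur + 2


def parse_record(buf: bytes, offset: int) -> Optional[EvtRecord]:
    """Parse the EVENTLOGRECORD at offset, or return None if the bytes fail sanity checks."""
    if offset < 0 or offset + FIXED_LEN > len(buf):
        return None
    (length, magic, recnum, t_gen, _t_written, event_id, etype, nstrings,
     _category, _flags, _closing, str_off, _sid_len, _sid_off,
     data_len, data_off) = struct.unpack_from(RECORD_FMT, buf, offset)
    end = offset + length
    if magic != EVT_MAGIC or length < FIXED_LEN + 4 or length > MAX_RECORD or end > len(buf):
        return None
    # The length is stored both first and last; comparing them rejects stray
    # "LfLe" hits and records truncated by a disk block or page boundary.
    if struct.unpack_from("<I", buf, end - 4)[0] != length:
        return None
    if str_off < FIXED_LEN or str_off > length or data_off + data_len > length:
        return None
    source, pos = read_utf16z(buf, offset + FIXED_LEN, end)   # UTF-16LE source name
    computer, _ = read_utf16z(buf, pos, end)                  # UTF-16LE computer name
    strings: List[str] = []
    pos = offset + str_off
    for _ in range(nstrings):                                 # insertion strings
        if pos >= end - 4:
            break
        s, pos = read_utf16z(buf, pos, end - 4)
        strings.append(s)
    return EvtRecord(offset, length, recnum, t_gen, event_id, etype, source, computer, strings)


def carve_records(blob: bytes) -> List[EvtRecord]:
    """Scan an arbitrary byte blob (memory dump, partition image) for valid EVENTLOGRECORDs."""
    found: List[EvtRecord] = []
    hit = blob.find(EVT_MAGIC)
    while hit != -1:
        rec = parse_record(blob, hit - 4)   # the Length field sits 4 bytes before the signature
        if rec is not None:
            found.append(rec)
            hit = blob.find(EVT_MAGIC, rec.offset + rec.length)
        else:
            hit = blob.find(EVT_MAGIC, hit + 1)
    return found


def build_record(recnum, event_id, event_type, source, computer, strings, time_generated=0) -> bytes:
    """Serialize a minimal EVENTLOGRECORD (no SID, no binary data) for the constructed sample."""
    names = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in (source, computer))
    text = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    str_off = FIXED_LEN + len(names)
    data_off = str_off + len(text)
    length = data_off + 4
    pad = (-length) % 8                    # real records are padded to 8-byte boundaries
    length += pad
    header = struct.pack(RECORD_FMT, length, EVT_MAGIC, recnum, time_generated, time_generated,
                         event_id, event_type, len(strings), 0, 0, 0, str_off, 0, 0, 0, data_off)
    return header + names + text + b"\x00" * pad + struct.pack("<I", length)


# Constructed sample: two records in filler, plus a decoy "LfLe" that is not a record.
SAMPLE_BLOB = (
    b"\xde\xad" * 37
    + build_record(101, 528, 8, "Security", "WORKSTATION", ["Administrator", "WORKSTATION", "2"], 1118966400)
    + b"junk LfLe junk"
    + build_record(102, 6005, 4, "EventLog", "WORKSTATION", [], 1118966401)
    + b"\x00" * 16
)

if __name__ == "__main__":
    for r in carve_records(SAMPLE_BLOB):
        print(f"@{r.offset:#x} #{r.record_number} id={r.event_id} {r.source_name}/{r.computer_name} {r.strings}")
```

Running the block prints the two constructed records and skips the decoy, because the bytes before the decoy signature do not decode to a plausible length and no matching trailing length exists. The same parse_record check is what lets a carver walk a fragment that has no file header or cursor record at all.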

2005-10-03 - Version 0.2.0 Released

This version constitutes a major update to the package. Highlights include:
  • Updated .evt parsing algorithm. An incremental step toward a fully correct one, which now includes header and cursor record parsing.
  • Large speedup in grokevt-builddb by more intelligent use of reglookup.
  • Added dynamic control set discovery in grokevt-builddb.
This update requires an upgrade of RegLookup to version 0.2.2 because of a dependence on features that were buggy in previous releases.

2005-08-07 - Version 0.1.2 Released

This is an update to be compatible with RegLookup 0.2. It will not work with RegLookup versions prior to 0.2, and older versions of GrokEVT will not work with the newer RegLookup. No other significant changes were made to GrokEVT in this release.

2005-07-08 - Version 0.1.1 Released

This version fixes installation problems on *BSD systems. Nothing else changed.

2005-07-02 - Version 0.1 Released

Download it and let me know how it works for you. So far I have only tested it against W2K from Linux, and I don't have any other Windows versions available to me right now, so any help would be greatly appreciated. Enjoy.

2005-06-19 - Mailing List Operational

Finally got the mailing list set up. Please read the instructions before using.

2005-05-28 - Project Website Posted

Got the site up. Still need to set up a mailing list, and make a release.
