Skip to content

foxforensics/xr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

NAME

xr - experimental record analyzer

SYNOPSIS

$ cat FILE | xr | uniq | sort

DESCRIPTION

xr is an experimental fast event record analyzer for forensic triaging. It targets to answer two main questions about event logs: WHAT and WHEN did it happen? Contrary to existing tools, it tries to answer these questions by analyzing the raw event record structure, rather than parsing whole event log chunks. By reading from any input stream, xr is capable of carving raw forensic disk images and memory dumps.

INSTALLATION

$ go install go.foxforensics.dev/xr@latest

REFERENCES

SEE ALSO

dd(1), cat(1), uniq(1), sort(1)

About

xr is an experimental fast event record analyzer.

pkg.go.dev/go.foxforensics.dev/xr

Topics

go windows experimental analyzer record xr evtx event-logs forensics-tool

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages