Add executable & update readme
stuxnet999 committed Sep 16, 2021
1 parent cafd173 commit afbda05
Showing 3 changed files with 39 additions and 3 deletions.
Binary file added EventTranscriptParser.exe
42 changes: 39 additions & 3 deletions README.md
Expand Up @@ -29,16 +29,27 @@ These are the required python libraries/modules needed to run the script
+ os
+ argparse

All the above modules are available by default in python3 except **Pandas**.

To install pandas, use `pip` via command prompt/terminal.

```sh
pip install pandas
```

### Usage

The tool is completely CLI based.
**Tip**: Before running the tool against the database, make sure that the **-wal (Write Ahead Log)** file data is merged with the original database. Because you might miss out on crucial/juicy data.

The tool is completely CLI based and there are 2 ways to use it.

#### Using Python

```python
python EventTranscriptParser.py -f <Path-To-EventTranscript.db> -o <Path-To-Output-Directory>
```
![usage](./img/usage.png)

**Tip**: Before running the tool against the database, make sure that the **-wal (Write Ahead Log)** file data is merged with the original database. Because you might miss out on crucial/juicy data.

To view help,
```
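Review bot: the command block under "#### Using Python" is a shell invocation (`python EventTranscriptParser.py -f <Path-To-EventTranscript.db> -o <Path-To-Output-Directory>`) but is fenced as ```python; the other blocks in this hunk use ```sh, so tag it the same way for consistent highlighting. The relocated **Tip** also reads as a sentence plus a fragment ("... merged with the original database. Because you might miss out on crucial/juicy data."); join them into one sentence, and since the README tells the reader to merge the -wal file without saying how, add that opening the database with SQLite and checkpointing the WAL rewrites the .db file, so the merge belongs on a working copy rather than the original evidence file.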
Expand All @@ -47,6 +58,31 @@ python EventTranscriptParser.py -h

![help](./img/help.png)

#### Using Executable

If you do not have python pre-installed in you system or have issues with the running the script, you can use the compiled executable. The executable is also CLI based.

Download the executable from https://github.com/stuxnet999/EventTranscriptParser/releases

```sh
.\EventTranscriptParser.exe -f .\EventTranscript.db -o .\CSV-Output\
```

![exe-usage](./img/exe-usage.png)

The executable was compiled using `pyinstaller` version **4.5.1**.

#### Compiling on your own

If you wish to compile on your own, use the commands below in any command prompt/terminal window.

```sh
pip install pyinstaller
pyinstaller --onefile EventTranscriptParser.py
```

You will find the compiled executable in the `dist` directory.

### Acknowledgements

This tool wouldn't have been possible without the excellent research & hard work put in by my colleagues [Andrew Rathbun](https://twitter.com/bunsofwrath12) & [Josh Mitchell](https://www.linkedin.com/in/josh-mitchell-0990ba6a/) in investigating the Windows Diagnostic Data.
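Review bot: the "#### Using Executable" section sends users to the releases page but gives no hash or signature for `EventTranscriptParser.exe`, and this same commit also checks the binary straight into the repository (`Binary file added EventTranscriptParser.exe`). Publish a SHA-256 (or a signed release) next to the download so users can verify what they run before pointing it at evidence, and record the Python version next to "`pyinstaller` version **4.5.1**" so the "Compiling on your own" steps (`pip install pyinstaller` / `pyinstaller --onefile EventTranscriptParser.py`) can reproduce the same binary; keeping the .exe on the releases page only, rather than in the tree, avoids an unverifiable blob in history. Minor wording in the same paragraph: "pre-installed in you system" should read "in your system", and "have issues with the running the script" should read "have issues running the script".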
Expand All @@ -60,4 +96,4 @@ Follow the investigative series at Kroll on EventTranscript.db - https://www.kro
Abhiram Kumar

+ Twitter: [@_abhiramkumar](https://www.twitter.com/_abhiramkumar)
+ Personal blog: https://stuxnet999.github.io
+ Personal blog: https://stuxnet999.github.io
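Review bot: the final hunk (`-60,4 +96,4`) shows `+ Personal blog: https://stuxnet999.github.io` twice with no visible difference, which is what a trailing-newline-only change looks like in the rendered view; harmless, but confirm it is intended rather than an accidental end-of-file edit, since it will register as a change to that line in future blame output.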
Binary file added img/exe-usage.png

0 comments on commit afbda05