`dissect.eventlog.evt`¶

Module Contents¶

Classes¶

Windows Event files for WinOS up until Windows XP

Functions¶

`find_needle`
`parse_record`
`reprsid`
`is_eof_record`
`is_header_record`
`parse_chunk`	Requires a chunk that starts with EVENTLOGRECORD header

Attributes¶

`c_evt`
`EVENTLOGRECORD_SIZE`
`Record`
`BLOCK_SIZE`
`DIRTY_NEEDLE`

dissect.eventlog.evt.c_evt¶

dissect.eventlog.evt.EVENTLOGRECORD_SIZE¶

dissect.eventlog.evt.Record¶

dissect.eventlog.evt.BLOCK_SIZE = 4096¶

dissect.eventlog.evt.DIRTY_NEEDLE¶

class dissect.eventlog.evt.Evt(fh)¶

Windows Event files for WinOS up until Windows XP

__iter__()¶

dissect.eventlog.evt.find_needle(fh, needle)¶

dissect.eventlog.evt.parse_record(record, buf)¶

dissect.eventlog.evt.reprsid(s)¶

dissect.eventlog.evt.is_eof_record(record)¶

dissect.eventlog.evt.is_header_record(record)¶

dissect.eventlog.evt.parse_chunk(chunk)¶: Requires a chunk that starts with EVENTLOGRECORD header