evtxexport - Online in the Cloud

PROGRAM:

NAME

evtxexport — exports items stored in a Windows XML EventViewer Log (EVTX) file

SYNOPSIS

evtxexport [-c codepage] [-f format] [-l log_file] [-m mode] [-p message_files_path]
[-r registy_files_path] [-s system_file] [-S software_file] [-t event_log_type]
[-hTvV] source

DESCRIPTION

evtxexport is a utility to export items stored in a Windows XML EventViewer Log (EVTX) file

evtxexport is part of the libevtx package. libevtx is a library to access the Windows XML
EventViewer Log (EVTX) file

source is the source file.

The options are as follows:

-c codepage
specify the codepage of ASCII strings, options: ascii, windows-874, windows-932,
windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252
(default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or
windows-1258

-f format
output format, options: xml, text (default)

-h shows this help

-l log_file
specify the file in which to log information about the exported items

-m mode
export mode, option: all, items (default), recovered 'all' exports the (allocated)
items and recovered items, 'items' exports the (allocated) items and 'recovered'
exports the recovered items

-p message_files_path
search PATH for the resource files (default is the current working directory)

-r registy_files_path
name of the directory containing the SOFTWARE and SYSTEM (Windows) Registry file

-s system_file
filename of the SYSTEM (Windows) Registry file This option overrides the path
provided by -r

-S software_file
filename of the SOFTWARE (Windows) Registry file This option overrides the path
provided by -r

-t event_log_type
event log type, options: application, security, system if not specified the event
log type is determined based on the filename.

-T use event template definitions to parse the event record data

-v verbose output to stderr

-V print version

ENVIRONMENT

None

Use evtxexport online using onworks.net services