Allow recursive processing of an entire directory of EVTX files as input · Issue #1 · mtth-bfft/evtq · GitHub
Allow recursive processing of an entire directory of EVTX files as input #1
Open
Description

@sc-anssi

When dealing with a folder of EVTX files (collected from a host for offline analysis), it would be nice to be able to point evtq to that folder and have it process all the files recursively instead of having to launch evtq for each file.
In this case (the input is a directory), evtq should enforce the output to be a directory as well, where each EVTX file processed as input would generate a JSON/CSV/TSV file as output (input directory structure should be preserved in the output tree).

Ex:
evtq.exe --from-evtx \some\input\dir\with\evtx\ --to-json \some\output\dir

Bonus: the processing of each EVTX file could be multi-threaded!
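
Added example, not part of the original issue and not evtq's own code: a wrapper sketching the requested behaviour from outside the tool, mirroring the input tree and running one evtq process per file on a thread pool. It assumes evtq accepts a single input file and a single output file with the `--from-evtx` and `--to-json` flags quoted above; `plan_jobs`, `run_job` and `convert_tree` are hypothetical names.

```python
import os
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path


def plan_jobs(in_root, out_root, ext=".json"):
    """Map every EVTX file under in_root to a mirrored path under out_root."""
    in_root, out_root = Path(in_root), Path(out_root)
    jobs = []
    # os.walk does not follow directory symlinks, so a collected tree
    # cannot redirect the walk outside in_root.
    for dirpath, _dirs, files in os.walk(in_root):
        for name in files:
            if not name.lower().endswith(".evtx"):  # collected names vary in case
                continue
            src = Path(dirpath) / name
            rel = src.relative_to(in_root)
            # Append the extension instead of replacing it, so A.evtx and
            # A.EVTX in one directory never map to the same output file.
            jobs.append((src, out_root / rel.parent / (rel.name + ext)))
    return sorted(jobs)


def run_job(job, evtq="evtq.exe"):
    """Convert one file. Assumption: evtq takes one input and one output file."""
    src, dst = job
    dst.parent.mkdir(parents=True, exist_ok=True)
    proc = subprocess.run(
        [evtq, "--from-evtx", str(src), "--to-json", str(dst)],
        capture_output=True, text=True)
    return src, proc.returncode


def convert_tree(in_root, out_root, workers=4, runner=run_job):
    """Convert the whole tree in parallel; return the inputs that failed."""
    jobs = plan_jobs(in_root, out_root)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(runner, jobs))
    return [src for src, rc in results if rc != 0]


if __name__ == "__main__" and len(sys.argv) == 3:
    for failed in convert_tree(sys.argv[1], sys.argv[2]):
        print(f"conversion failed: {failed}", file=sys.stderr)
```

Returning the failed inputs matters for offline analysis: a corrupt or truncated log should be reported, not silently missing from the output tree.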
