# williballenthin/evtxtract

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/williballenthin-evtxtract).**

212 stars · 24 forks · Python · Apache-2.0

## Links

- GitHub: https://github.com/williballenthin/EVTXtract
- awesome-repositories: https://awesome-repositories.com/repository/williballenthin-evtxtract.md

## Description

EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.

## Tags

### Part of an Awesome List

- [File Carving](https://awesome-repositories.com/f/awesome-lists/security/file-carving.md) — Carves Windows Event Log files from raw binary data.