Release Notes: This is a major code refresh release to catch up with the times. grokevt-builddb has been redesigned to use RegLookup's pyregfi library instead of executing the command line tools. A work-around has been added for the fact that many Linux distributions no longer make case-insensitive filesystem mounts easy. Support has been added for Python 3. The license has been changed to the GPLv3. There are various Unicode fixes and other bugfixes.
Release Notes: A bug in grokevt-builddb which prevented it from working on certain broken registry configurations was fixed. Other validation was improved and verbose messages were added as well. The default example configuration tree was changed to use paths more commonly found in recent versions of Windows. No feature changes were made in this version.
Release Notes: This is a major release, including several new features. The grokevt-findlogs script was added, which can accurately detect individual log entries in raw binary files (such as memory dumps or disk partitions). The grokevt-dumpmsgs script was added, which can be used to display the log message templates stored in GrokEVT's databases. The man pages were converted to docbook templates.
Release Notes: This is a minor bugfix release. A workaround was made for buggy data (trailing NULs in filenames) sometimes found in registry entries and a reglookup/grokevt-builddb deadlock experienced by some users. No feature changes were made in this version.
Release Notes: Initial Unicode support has been added. Windows UTF-16 is properly read from logs, and output is optionally produced in UTF-8. A new option has been added for printing log meta information, which is helpful in determining a log's level of corruption. A new script, grokevt-addlog, has been introduced. This allows one to add raw log files to an existing message template database. There is a much improved log parsing algorithm, which works with wrapped and fragmentary logs. Multiple bugs have been fixed and exception handling has been improved.
Release Notes: This version constitutes a major update to the package. Highlights include an updated .evt parsing algorithm that now includes header and cursor record parsing, large speedups in grokevt-builddb through more intelligent use of reglookup, and the addition of dynamic control set discovery in grokevt-builddb. This update requires an upgrade of RegLookup to version 0.2.2 because of a dependence on features that were buggy in previous releases.
Release Notes: This is an update to be compatible with RegLookup 0.2. It will not work with RegLookup versions prior to 0.2, and older versions of GrokEVT will not work with the newer RegLookup. No other significant changes were made to GrokEVT in this release.
Release Notes: This version fixed installation problems on *BSD systems.