|
|
|
|
|
|
Edenprime Event File Examiner tool will be available shortly.
Features and capabilities include the following:
- Ability to forensically examine captured offline Windows Event files
- Ability to parse (live) current event files
- Determination and report of header and footer status
- Analysis method determined by header/footer status to maximise recovered event data
- Full individual record decode with offset and hex display
- Ability to simply filter records by date, user, event type or id
- Graphic display of event records timeline
- PC on/off timeline display
- Ability to manually select "records of interest" subset
- HTML Report generation for selected record(s)
This product is in development, and is expected to be available in mid Q4 2009
|
|
|
|
|
