Windows Event Log Trick-Shots in Rust!
Windows event logs never get old as a go to evidence source and I have some new trick-shots for you! Need to process an insane number of event logs quickly for large scale searching? Not only will I show you how, I will show you how some other common tools stack up in comparison. Empty event log? Let me show you how you can recover records from empty pages. It’s not always a lot, but sometimes it can make the difference! Additionally, I will show some other fancy evtx tricks using open source libraries and tools that can even assist you with things outside of evtx. Best of all, all the tools and libraries I show you are in Rust.
Matthew Seyer (@forensic_matt) is a Manager at KPMG, LLP. He has obtained both a Bachelor and Associate in Digital Forensics at OSU and Richland College. Mr. Seyer enjoys research and development, and is currently interested in large data systems for storing forensic artifacts for the purpose of correlation, analysis, and analytics. Currently he codes primarily in Rust and Python. Matthew Seyer is also one of the hosts of the Forensic Lunch, a webcast that covers digital forensics topics Fridays at noon (CST) on YouTube.