- A tool for adding a raw event log to an existing grokevt database.
- Builds a database tree based on a single Windows system for the purpose of event log conversion.
- A tool for dumping the contents of message databases built previously by grokevt-ripdll(1).
- Attempts to find log file fragments in raw binary files, such as memory dumps and disk images.
- Parses a Windows event log and generates human-readable output based on message resources stored in a database.
- A tool for extracting message resources from a PE-formatted file.
- A collection of scripts built for reading Windows event log files.