evtwalk is a command line tool that can parse Windows event logs from all versions of Windows starting with Windows XP. This includes Vista, Windows 7, Windows 8 and the server counterparts.
The output is presented with one event record per line and includes a couple of formatting options. Under the hood, evtwalk uses the same event log parsing engine as evtx_view (http://tzworks.net/prototype_page.php?proto_id=4). As a command line tool, evtwalk can easily be incorporated into an analyst's processing workflow by automating the execution of evtwalk via any scripting language.
evtwalk allows one to generate reports of specific event log artifacts, such as USB plug-and-play events, user credential changes, password changes, logon/logoff events, etc. If none of the available report options addresses an analyst's needs, there is an option for the user to define a custom report that evtwalk will then process.