EVTX
This is a parser for the Windows EVTX format.
Note that it is complete in the sense that it successfully parses a wide variety of samples, but I have yet to implement the full specification.
This uses almost 100% safe Rust; the only exception is memory-mapping input files to get seek ergonomics. Otherwise the entire parser is safe!
Example usage:

```rust
use evtx::EvtxParser; // the parser entry point, imported from the evtx crate
```
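As an added example (not code from the evtx crate), the following safe-Rust snippet parses and validates the 128-byte EVTX file header from a constructed buffer using only bounds-checked slices, with no memory mapping or unsafe code; the offsets follow the documented EVTX file-header layout, while the struct, function names and sample values are this example's own assumptions.

```rust
use std::convert::TryInto;
/// The fields of the 128-byte EVTX file header that precede the chunk array.
#[derive(Debug, PartialEq)]
pub struct FileHeader {
    pub first_chunk: u64,    // offset 0x08
    pub last_chunk: u64,     // offset 0x10
    pub next_record_id: u64, // offset 0x18
    pub minor: u16,          // offset 0x24
    pub major: u16,          // offset 0x26
    pub chunk_count: u16,    // offset 0x2A
}
/// CRC-32 (reflected, polynomial 0xEDB88320), the checksum EVTX headers carry.
pub fn crc32(data: &[u8]) -> u32 {
    !data.iter().fold(0xFFFF_FFFFu32, |crc, &b| {
        (0..8).fold(crc ^ b as u32, |c, _| if c & 1 != 0 { (c >> 1) ^ 0xEDB8_8320 } else { c >> 1 })
    })
}
// Little-endian readers on bounds-checked slices: a bad offset panics instead of reading out of bounds.
fn le16(b: &[u8], o: usize) -> u16 { u16::from_le_bytes(b[o..o + 2].try_into().unwrap()) }
fn le32(b: &[u8], o: usize) -> u32 { u32::from_le_bytes(b[o..o + 4].try_into().unwrap()) }
fn le64(b: &[u8], o: usize) -> u64 { u64::from_le_bytes(b[o..o + 8].try_into().unwrap()) }

/// Checks length, signature, fixed sizes and the CRC-32 of bytes 0..120 (stored at
/// offset 0x7C) before trusting any field, so a truncated or tampered file yields Err.
pub fn parse_file_header(buf: &[u8]) -> Result<FileHeader, String> {
    if buf.len() < 128 { return Err("shorter than the 128-byte header".into()); }
    if &buf[..8] != b"ElfFile\0" { return Err("bad file signature".into()); }
    if le32(buf, 0x20) != 128 || le16(buf, 0x28) != 4096 { return Err("bad header sizes".into()); }
    if crc32(&buf[..120]) != le32(buf, 0x7C) { return Err("header checksum mismatch".into()); }
    Ok(FileHeader {
        first_chunk: le64(buf, 0x08), last_chunk: le64(buf, 0x10), next_record_id: le64(buf, 0x18),
        minor: le16(buf, 0x24), major: le16(buf, 0x26), chunk_count: le16(buf, 0x2A),
    })
}

/// Constructed sample header (not from a real log) so the parser runs offline; `chunks` >= 1.
pub fn sample_header(chunks: u16, next_record_id: u64) -> Vec<u8> {
    let mut h = vec![0u8; 128]; // first chunk number stays 0
    let mut put = |o: usize, v: &[u8]| h[o..o + v.len()].copy_from_slice(v);
    put(0x00, &b"ElfFile\0"[..]);
    put(0x10, &(chunks as u64 - 1).to_le_bytes()); // last chunk number
    put(0x18, &next_record_id.to_le_bytes());
    put(0x20, &128u32.to_le_bytes()); // header size
    put(0x24, &1u16.to_le_bytes()); // minor version 1
    put(0x26, &3u16.to_le_bytes()); // major version 3
    put(0x28, &4096u16.to_le_bytes()); // header block size
    put(0x2A, &chunks.to_le_bytes());
    let crc = crc32(&h[..120]);
    h[0x7C..0x80].copy_from_slice(&crc.to_le_bytes());
    h
}
```

A corrupted or truncated input is reported as an error rather than causing undefined behaviour, which is the practical payoff of doing this parsing in safe Rust.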
Benchmarking
Initial benchmarking that I've performed indicates that this implementation is very fast.
It crunches through a 30MB .evtx file (around 227K records) in around 21 milliseconds.
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.