Finds event logs between two time points. Useful for helpdesk/support/malware analysis.
BeanBagKing/EventFinder2
EventFinder2

Blog: https://nullsec.us/eventfinder2-finding/

About

This program allows you to mark (or set) a beginning and end time period, then grabs all events between those periods. It dumps these to a sorted CSV on the desktop.

This program will not read certain logs (Security, Sysmon) without Administrator privileges.

The precursor to this, written in PowerShell, can be found here: https://github.com/BeanBagKing/EventFinder. It was re-written in C# because of the sheer number of events the script itself generated in the PowerShell logs while it ran.

Example Use Cases

Support teams can mark a begin time, then perform an action that may cause a crash or other problem on a workstation. They then mark the end time and dump the logs to determine what might have happened.

A security analyst could use this to run malware (in a contained environment) and determine from the logs what the malware did and in what order, which may be used to create IOCs.

Detailed Usage

  • Open the program as Administrator
  • In the resulting window, click Start Time button
  • Perform whatever action that you want to see events for
  • Click the End Time button - At this point (or any other), the time periods can be manually adjusted
  • Click Find Events
  • Wait while the program generates a CSV of found events on the current desktop - File name will be "Logs_Runtime_<datestamp>_<runtime>.csv"
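The same start/end/collect workflow, written here as an added PowerShell example rather than EventFinder2's own C# code. It assumes an elevated prompt (so Security and Sysmon are readable) and a runtime suffix in elapsed seconds, since the tool's exact suffix format is not documented on this page.

```powershell
# Added example (not EventFinder2's own code): mark a start time, wait for the
# action, mark an end time, then collect every event in that window from every
# readable log and write a sorted CSV to the desktop.
# Caveat the README notes for the original PowerShell version: with script block
# logging enabled, this script itself generates PowerShell events inside the window.

$start = Get-Date
Write-Host "Start time marked: $start. Perform the action, then press Enter."
[void](Read-Host)
$end = Get-Date

# Every enabled log that currently holds records. Logs this account cannot open
# raise non-terminating errors, which are suppressed here.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 }

$events = foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{
        LogName   = $log.LogName
        StartTime = $start
        EndTime   = $end
    } -ErrorAction SilentlyContinue
}

# Sort across all logs by time so the sequence of activity reads top to bottom;
# collapse multi-line messages so each event stays on one CSV row.
$sorted = @($events | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName,
        @{ Name = 'Message'; Expression = { $_.Message -replace '\r?\n', ' ' } })

# File name follows the README's Logs_Runtime_<datestamp>_<runtime>.csv pattern;
# the elapsed-seconds suffix is an assumption, not the tool's documented format.
$stamp   = $start.ToString('yyyyMMdd_HHmmss')
$runtime = [int]($end - $start).TotalSeconds
$desktop = [Environment]::GetFolderPath('Desktop')
$path    = Join-Path $desktop "Logs_Runtime_${stamp}_${runtime}s.csv"

$sorted | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8
Write-Host ("{0} events written to {1}" -f $sorted.Count, $path)
```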

Demonstration Video

Thanks to Richard Davis of 13cubed for doing a short video on usage and demoing the tool!

(Video: EventFinder2 Demo)

Screenshot Time!

(Screenshot: EventFinder)
