
Is it possible to parse exported or saved .evtx files and get relevant information (XML details) of Windows 10 Event Logs using the System.Diagnostics.EventLog class in Visual Studio?

I need to develop a tool which can extract forensically relevant event log information. If not, what are the alternatives?

Daniel A. White
  • Welcome to Stack Overflow. I wonder if developing that tool is a requirement. [There seem to be tools](https://www.forensicswiki.org/wiki/Windows_XML_Event_Log_(EVTX)) that can open that file format externally. That being said, I don't see how this is related to any specific IDE – Cleptus Nov 10 '18 at 12:18
  • Yes, developing that tool is a requirement. I need to extract certain relevant event IDs and display them on my tool. But I doubt whether it is possible to give an exported or saved event log as an input file and use the System.Diagnostics.EventLog class in C#. Kindly help me clear my doubt. – Sharika R Nair Nov 10 '18 at 12:26

1 Answer


You could use the PowerShell cmdlet Get-WinEvent to extract information from an .evtx file. This can also be called from a C# program using System.Management.Automation.

Klaus Gütter
  • Is System.Management.Automation used to run cmdlets via C#? I am a newbie so I don't have much idea about programming. By using the PowerShell cmdlet via C# we can extract info from .evtx, and is it possible to display that in my GUI using C#? – Sharika R Nair Nov 10 '18 at 15:55
  • Yes. See this question https://stackoverflow.com/questions/41680833/using-powershell-in-c-sharp – Klaus Gütter Nov 10 '18 at 16:08
  • one last doubt friend, is database required to store the extracted information to display it in my GUI? – Sharika R Nair Nov 10 '18 at 16:43
  • Required? No. Why should it? Depends on your application, though. – Klaus Gütter Nov 10 '18 at 16:56
  • @SharikaRNair If you want to store the information in a database, you would require a database. You could store the information whenever you want (text files, xml, database, a custom file format) it depends on how you design your application. – Cleptus Nov 12 '18 at 09:19
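The approach the answer describes (hosting Get-WinEvent inside a C# process through System.Management.Automation and reading a saved .evtx file), as an added example that is not part of the question or answer. It assumes a project reference to the System.Management.Automation assembly (for example via the Microsoft.PowerShell.SDK NuGet package), a Windows host, and an existing .evtx file; the file path and the event IDs 4624/4625 are placeholders chosen for the example, and `EvtxReader`/`ReadEvents` are names introduced here. The per-record XML the question asks for comes from `EventLogRecord.ToXml()`, which is the object type Get-WinEvent emits.

```csharp
// Added example, not code from the question or answer.
// Reads a saved .evtx file by running Get-WinEvent in-process and
// returns the XML of every record whose EventID is in the caller's list.
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;   // EventLogRecord
using System.Linq;
using System.Management.Automation;         // PowerShell, PSObject

public static class EvtxReader
{
    // Assumed helper name. Returns (Id, TimeCreated, ProviderName, Xml),
    // oldest record first, for the requested event IDs.
    public static List<(int Id, DateTime? Time, string Provider, string Xml)>
        ReadEvents(string evtxPath, IEnumerable<int> eventIds)
    {
        // Build an XPath filter such as *[System[(EventID=4624 or EventID=4625)]]
        // so filtering happens inside the event log API rather than in C#.
        string xpath = "*[System[(" +
            string.Join(" or ", eventIds.Select(id => $"EventID={id}")) + ")]]";

        var results = new List<(int, DateTime?, string, string)>();

        using (PowerShell ps = PowerShell.Create())
        {
            ps.AddCommand("Get-WinEvent")
              .AddParameter("Path", evtxPath)      // the exported/saved .evtx file
              .AddParameter("FilterXPath", xpath)  // only the IDs we care about
              .AddParameter("Oldest");             // chronological order

            foreach (PSObject pso in ps.Invoke())
            {
                // Get-WinEvent emits EventLogRecord objects; unwrap the PSObject.
                if (pso.BaseObject is EventLogRecord rec)
                {
                    results.Add((rec.Id, rec.TimeCreated, rec.ProviderName, rec.ToXml()));
                }
            }

            // Get-WinEvent reports "no events matched" and unreadable/missing
            // files through its error stream; surface them rather than
            // silently returning an empty list.
            foreach (ErrorRecord err in ps.Streams.Error)
            {
                Console.Error.WriteLine("Get-WinEvent: " + err);
            }
        }
        return results;
    }

    public static void Main(string[] args)
    {
        // Placeholder path; pass a real .evtx on the command line.
        string path = args.Length > 0 ? args[0] : @"C:\cases\example\Security.evtx";

        // 4624/4625 are example IDs chosen for this demo; the caller picks the set.
        foreach (var e in ReadEvents(path, new[] { 4624, 4625 }))
        {
            Console.WriteLine($"{e.Time:u}  {e.Id,-5} {e.Provider}");
            Console.WriteLine(e.Xml);
            Console.WriteLine();
        }
    }
}
```

The returned tuples are plain C# objects, so they can be bound directly to a grid or list control in a GUI; nothing here needs a database, which matches the point made in the comments. Reading the file with -Path never touches the live Security log, so a copied .evtx can be examined without the privileges required to query the live channel.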