It has probably happened to you that you want to extract information from the system and turn it into an understandable report. Grokevt is one of these tools that is made up of several scripts. In this article, we will review grokevt and you will learn How to Install Grokevt on Kali Linux. You can visit the packages offered on Eldernode website to purchase Linux VPS server.
Table of Contents
How to Install Grokevt on Kali Linux
What is Grokevt?
Grokevt is a set of scripts that are installed on one or more partitions and work together. These scripts extract information such as registry entries, message patterns, and log files to convert reports into a human-readable format. Grokevt is released under the GNU GPL and implemented in Python.
Installing Grokevt on Kali Linux
In the continuation of this article from the Kali Linux training series, we will review the 3 ways to install grokevt on Kali Linux.
How to Install Grokevt Using apt-get
First update APT database with the following command:
sudo apt-get updateThen install grokevt using the command below:
sudo apt-get -y install grokevtHow to Install Grokevt Using apt
First run the following command to update APT database:
sudo apt updateThen use the following command to install grokevt:
sudo apt -y install grokevtHow to Install Grokevt Using aptitude
To install grokevt using aptitude, you need to install aptitude on Kali Linux. Then update Apt database with the following command:
sudo aptitude updateNow you can install grokevt with the following command:
sudo aptitude -y install grokevtHow to Use Different Tools of Grokevt
1–> Grokevt-addlog: Run the following command to add a raw event log to the existing Grokevt database using this tool:
grokevt-addlog -h2–> Grokevt-builddb: Run the following command to build a database tree based on a Windows system to convert event logs:
grokevt-builddb -h3–> Grokevt-ripdll: Use this tool to extract message sources from a PE format file; To do this use the following command:
grokevt-ripdll -h4–> Grokevt-dumpmsgs: Using this utility, dump the contents of the message database previously created by grokevt-ripdll; run the command below for this purpose:
man grokevt-dumpmsgs5–> Grokevt-findlogs: Run the following command to find log file fragments in raw binary files, such as memory dumps and disk images:
grokevt-findlogs --help6–> Grokevt-parselog: You can parse the Windows event log and generate human-readable output based on the message sources stored in the database. Use the command below:
grokevt-parselog -hFAQ
[sp_easyaccordion id=”38244″]
Conclusion
In this article, we introduced Grokevt, which is a set of scripts that are installed on one or more partitions and work together and you learned How to install Grokevt on Kali Linux. Also we reviewed the different tools of grokevt and how to use them.
