Update README-DeepBlue.py.md
This commit is contained in:
Eric Conrad
@ -1,2 +1,21 @@
|
||||
### DeepBlue.py
|
||||
# DeepBlue.py
|
||||
|
||||
DeepBlueCLI, ported to Python. Designed for parsing evtx files on Unix/Linux.
|
||||
|
||||
## libevtx
|
||||
|
||||
Requires libevtx: https://github.com/libyal/libevtx
|
||||
|
||||
## Other evtx frameworks
|
||||
|
||||
Note that I tested a few Unix/Linux/Python evtx frameworks.
|
||||
|
||||
This is quite popular: https://github.com/williballenthin/python-evtx
|
||||
|
||||
I ran into trouble with *some* .evtx files, where it would crash with this error:
|
||||
|
||||
```
|
||||
UnicodeDecodeError: 'utf16' codec can't decode bytes in position 0-1: illegal UTF-16 surrogate
|
||||
```
|
||||
|
||||
I found libevtx 'just worked', and had the added benefit of both Python and compiled options.
|
||||
|
||||
Reference in New Issue
Block a user