Difference between pages "Windows XML Event Log (EVTX)" and "Aimage"

From ForensicsWiki
Line 1: Line 1:
{{expand}}
+
{{Infobox_Software |
 +
  name = aimage |
 +
  maintainer = [[Simson Garfinkel]], [[Basis Technology]] |
 +
  os = {{Linux}} |
 +
  genre = {{Disk imaging}} |
 +
  license = {{Original BSD license}} |
 +
}}
  
The Windows XML Event Log (EVTX) format was introduces in [[Windows|Windows Vista]] as a replacement for the [[Windows Event Log (EVT)]] format.
+
'''aimage''' (the '''advanced imager''') was an [[imaging]] tool that was part of [[AFF]].
  
Windows EventViewer can represent the EVTX files in both "formatted view" and "XML view". Note that the formatted view can hide significant event data that is stored in the event and can be seen in the XML view.
+
'''aimage''' can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. [[aimage]]  can optionally compress and calculate [[MD5]] or [[SHA-1]] hash residues while the data is being copied. It had intelligent error recovery, similar to what is in [[ddrescue]].
  
== See Also ==
 
* [[Windows Event Log (EVT)]]
 
* [[Windows]]
 
  
== External Links ==
+
'''aimage'' was withdrawn from support (December 25, 2010)
=== File Format ===
+
* [http://msdn.microsoft.com/en-us/library/cc231282(v=prot.10).aspx EventLog Remoting Protocol Version 6.0 Specification], by [[Microsoft]]
+
* [http://msdn.microsoft.com/en-us/library/cc231354.aspx Simple BinXml Example], by [[Microsoft]]
+
* [http://computer.forensikblog.de/mt/mt-search.cgi?IncludeBlogs=3&tag=Evtx&limit=20 int for(ensic){blog;} - results tagged Evtx], by [[Andreas Schuster]]
+
* [http://www.dfrws.org/2007/proceedings/p65-schuster_pres.pdf Introducing the Microsoft Vista Event Log File Format], by [[Andreas Schuster]] in 2007
+
* [http://computer.forensikblog.de/en/2010/10/linking-event-messages-and-resource-dlls.html Linking Event Messages and Resource DLLs], by [[Andreas Schuster]] in 2010
+
* [http://code.google.com/p/libevtx/downloads/detail?name=Windows%20XML%20Event%20Log%20%28EVTX%29.pdf Windows XML Event Log (EVTX) format], by the [[libevtx|libevtx project]]
+
  
=== Event Identifiers ===
+
Linux distributions that packaged '''image''' are encouraged to drop it and package guymager instead.
* [http://eventid.net/ EventID.net]
+
  
=== Windows Vista/2008 ===
+
===See Also===
* [http://support.microsoft.com/kb/947226 Description of security events in Windows Vista and in Windows Server 2008]
+
* [[How_to_image_an_IDE_disk_with_aimage_and_FreeBSD]]
 
+
=== Windows 7 ===
+
* [http://msdn.microsoft.com/en-us/magazine/ee412263.aspx Core OS Events in Windows 7, Part 1]
+
* [http://msdn.microsoft.com/en-us/magazine/ee358703.aspx Core Instrumentation Events in Windows 7, Part 2]
+
 
+
== Tools ==
+
* [http://computer.forensikblog.de/files/evtx/Parse-Evtx-current.zip Evtx Parser]
+
* [[libevtx]]
+
* [[log2timeline]]
+
* [http://technet.microsoft.com/en-us/library/cc749339.aspx wevtutil]
+
* [http://www.microsoft.com/en-us/download/details.aspx?id=24659 LogParser]
+
 
+
[[Category:File Formats]]
+
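Review bot: this is a cross-page comparison (the unmarked column is the Windows XML Event Log (EVTX) article, the column with the + markers is the aimage article), so the + lines are not edits to the EVTX page and must not be merged into it as such. Two markup defects on the aimage side should be fixed in that article: "'''aimage''" (three opening quotes, two closing) is unbalanced bold and should read "'''aimage'''", and "'''image'''" in "Linux distributions that packaged '''image''' are encouraged to drop it and package guymager instead" should read "'''aimage'''". The aimage infobox also passes no website parameter, so the rendered page shows the literal {{{website}}}; either supply a value or give the template a default. On the EVTX side, "was introduces in" should read "was introduced in".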

Latest revision as of 20:26, 21 October 2013

aimage
Maintainer: Simson Garfinkel, Basis Technology
OS: Linux
Genre: Disk imaging
License: Original BSD license

aimage (the advanced imager) was an imaging tool that was part of AFF.

aimage can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. aimage can optionally compress and calculate MD5 or SHA-1 hash residues while the data is being copied. It had intelligent error recovery, similar to what is in ddrescue.

aimage was withdrawn from support (December 25, 2010)

Linux distributions that packaged aimage are encouraged to drop it and package guymager instead.

See Also