Skip to content

c-sleuth/whatsthatevent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
src
src
 
 
build.zig
build.zig
 
 
build.zig.zon
build.zig.zon
 
 
readme.md
readme.md
 
 

Repository files navigation

Whatsthatevent

Small convince tool to lookup windows ids and return triggers them.

Event logs from the following versions are available

  • Win2008
  • Win2012R2
  • Win2016
  • Win10+
  • Win2019
  • Win2000
  • XP
  • Win2003

Building

$ git clone https://github.com/c-sleuth/whatsthatevent.git
$ cd whatsthatevent
$ zig build

Usage

usage: whatsthatevent [-h] [--legacy] event_id

positional arguments:
event_id    event id to query from Win2008, Win2012R2, Win2016 and Win10+, and Win2019

options:
-h, --help  show this help message and exit
--legacy    event id to query from Win2000, XP, and Win2003

Examples

$ whatsthatevent 1100

Event ID: 1100: The event logging service has shut down

$ whatsthatevent --legacy 512

Legacy event ID: 512: Windows NT is starting up

Mentions

Event log ids and descriptions have come from https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

About

Small convince tool to lookup windows ids and return triggers them.

Topics

forensics dfir digital-forensics windows-events forensic-tools

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages