diff --git a/README.md b/README.md index 047eb94..65bb34b 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,24 @@ # evtkit Fix acquired .evt - Windows Event Log files (Forensics) -## Help -evtkit v 0.2 (beta) -== https://github.com/yarox24/evtkit ==- -*** Please provide at least one .evt file or directory containing .evt files +## Requirements +- Python 2 (not tested on 3) +- no external dependencies -Examples: +## Usage 1. Fix in-place 2 files (Make sure you got a copy!): - evtkit.py AppEvent.Evt SysEvent.Evt - +``` +evtkit.py AppEvent.Evt SysEvent.Evt +``` 2. Find all *.evt files in evt_dir/, copy them to fixed_copy/ and repair them: - evtkit.py --copy_to_dir=fixed_copy evt_dir +``` +evtkit.py --copy_to_dir=fixed_copy evt_dir +``` + +## Options +``` +-h, --help show this help message and exit +-c COPY_TO_DIR, --copy_to_dir COPY_TO_DIR + Output directory for fixed .evt files. +-q, --quiet Turn off verbosity +```
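Review bot: In the new Usage section, example 1 ("Fix in-place 2 files (Make sure you got a copy!)") rewrites the acquired .evt files themselves, and the only safeguard is a parenthetical in the step title. For a forensics tool, I would put the `--copy_to_dir` example first and state in the Options block what happens when `-c` is omitted, since the help text for `-c COPY_TO_DIR` only says "Output directory for fixed .evt files." and does not mention that the default is in-place modification. Two smaller points: the new fences sit at column 0 directly under the "1." and "2." items, so indent them under their items to keep the blocks inside the numbered list. And because Requirements says "Python 2 (not tested on 3)", the examples would be clearer if they showed the interpreter explicitly rather than a bare `evtkit.py`.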