evtkit

evtkit is a specialized tool designed for fixing acquired Windows Event Log files within the field of digital forensics.

This tool requires Python 2 (it has not been tested on Python 3) and does not have any external dependencies. Users can repair .evt files directly by executing evtkit.py on files such as AppEvent.Evt and SysEvent.Evt. Furthermore, it can locate all *.evt files within the evt_dir/ directory, copy them to the fixed_copy/ directory, and perform repairs on them.

The tool also provides various options, including -h or --help to show the help message, -c or --copy_to_dir to set the output directory for fixed .evt files, and -q or --quiet to disable verbosity.