Comments (4)
Also, I wonder what is the difference between record and recovered_record.
There is not much to it, a "recovered record" is a record that was recovered from the data and not a record that could be accessed via the "regular" structure. Recovery is used to handle corrupted files or remnants of earlier times.
calling libevtx_file_get_recovered_record may fail.
This is the intended behaviour. The recovery process looks for basic record structures but does not validate the binary XML (too costly). The call to this function will try to read the binary data and can fail.
from libevtx.
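Why a recovered record can be found and still fail to read, as an added example that is not from the thread and is not libevtx's own code: the scan accepts any span with a plausible record header and a matching trailing size, and only the later read looks at the binary XML. The four-byte fragment header check is an assumed stand-in for full binary XML parsing, and the function names and sample bytes are constructed for this illustration.

```python
import struct

SIGNATURE = b"\x2a\x2a\x00\x00"   # EVTX event record signature
HEADER_SIZE = 24                   # signature, size, record id, FILETIME
MAX_RECORD_SIZE = 0x10000          # a record never exceeds its 64 KiB chunk

def find_candidates(data):
    """Return offsets of spans that pass the cheap structural checks only."""
    found, pos = [], data.find(SIGNATURE)
    while pos != -1:
        if pos + 8 <= len(data):
            (size,) = struct.unpack_from("<I", data, pos + 4)
            end = pos + size
            if (HEADER_SIZE + 4 <= size <= MAX_RECORD_SIZE and end <= len(data)
                    and struct.unpack_from("<I", data, end - 4)[0] == size):
                found.append(pos)
        pos = data.find(SIGNATURE, pos + 1)
    return found

def read_record(data, offset):
    """Stand-in for the expensive step: actually reading the binary XML."""
    size, record_id = struct.unpack_from("<IQ", data, offset + 4)
    body = data[offset + HEADER_SIZE:offset + size - 4]
    if body[:4] != b"\x0f\x01\x01\x00":   # binary XML fragment header
        raise IOError("record %d at offset %d: unreadable binary XML"
                      % (record_id, offset))
    return record_id

def recover(data):
    """Read every candidate; a failed read is recorded, not fatal."""
    good, bad = [], []
    for offset in find_candidates(data):
        try:
            good.append(read_record(data, offset))
        except IOError:
            bad.append(offset)
    return good, bad

def _record(record_id, body):   # builds the constructed sample data
    size = HEADER_SIZE + len(body) + 4
    return (SIGNATURE + struct.pack("<IQQ", size, record_id, 0)
            + body + struct.pack("<I", size))

# Constructed sample: an intact record, slack bytes, a record with an overwritten body.
SAMPLE = (_record(7, b"\x0f\x01\x01\x00" + b"\x00" * 12) + b"\xff" * 9
          + _record(8, b"\xde\xad\xbe\xef" * 4))

if __name__ == "__main__":
    print(recover(SAMPLE))
```

Both records are found by the scan, but only record 7 can be read; the offset of the unreadable one is kept so an examiner can inspect the raw bytes.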
Ok, thanks for this information, I will just handle this failure as a possible normal behavior.
And thanks for your work on this lib!!
Hello! Firstly, thank you for all of the hard work that you've put into this library. My team and I have found an immense amount of usefulness in what you've created.
That being said, do you have any information on the possibility of recovering records that were effectively "cleared"? We have an event log file that was cleared via the Windows EventViewer and we're trying to see if there is a way to recover these deleted records.
Any suggestions or ideas? We're not even sure that it's possible...
Please do not hijack closed issues. I've moved this to: #13