xr

command module

v0.0.0-...-597c5f5 Latest Latest Go to latest Published: Apr 23, 2026 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/f0x4n6/xr

Links

Open Source Insights

README ¶

NAME

xr - experimental record analyzer

SYNOPSIS

$ cat FILE | xr | uniq | sort

DESCRIPTION

xr is an experimental fast event record analyzer for forensic triaging. It targets to answer two main questions about event logs: WHAT and WHEN did it happen? Contrary to existing tools, it tries to answer these questions by analyzing the raw event record structure, rather than parsing whole event log chunks. By reading from any input stream, xr is capable of carving raw forensic disk images and memory dumps.

INSTALLATION

$ go install go.foxforensics.dev/xr@latest

REFERENCES

Introducing the Microsoft Vista event log file format - Schuster, Andreas
Windows XML Event Log (EVTX) format - Metz, Joachim

Documentation ¶

Overview ¶

Experimental record analyzer.

Usage:

cat FILE | xr | uniq | sort

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL