By Andreas Schuster
Copyright © 2011 int for(ensic){blog;}. All rights reserved. Reproduction for commercial purposes (including online advertisement) interdicted.

There's a new version of my Windows Event Log Parser available for download. Version 1.0.5 comes with faster calculations of CRC32 Check Sums and support for additional data types.

The most important changes in version 1.0.5 are as follows:

The various CRC32 check sums are now calculated using Digest::CRC, which is more than five times faster than Digest::Crc32. The gain in speed becomes evident when processing a large event log file through evtxinfo.pl. Thanks to Kristinn Gudjonsson for the suggestion.

Mark Woan provided me with a Sample File showing proper usage of type 0x12 data objects. This type clearly is a SYSTEMTIME structure. The parser displays the date/time in ISO 8601 format but suppresses the day-of-the-week field.

I've also added support for arrays of HexInt32 and HexInt64 values. Thanks to Christopher Ahearn for providing a sample file.