grokevt - Read and process Windows Event Files
GrokEVT is a collection of scripts built for reading the binary event
log (.evt) files written by Windows NT, 2000, XP and Server 2003 (the
legacy format, not the EVTX format introduced with Vista). GrokEVT is
released under the GNU GPL and is implemented in Python. It is loosely
based on the PHP script and documentation provided by Jamie French.
Currently the scripts work together on one or more mounted Windows
partitions to extract everything needed to convert the logs to a
human-readable format: the registry entries that name each event
source's message DLLs, the message templates held in those DLLs, and
the log files themselves. The partition is needed because an .evt
record stores only the event ID and its insertion strings; the text of
the message lives in the DLLs of the system that wrote the log.
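The record layout and template expansion described above, as an added
illustration that is not GrokEVT's own code: a small parser for the
legacy .evt format that walks EVENTLOGRECORD structures, checks each
record's trailing length, stops at the end-of-file marker record, and
fills a message template's %1, %2, ... placeholders from the record's
insertion strings. The two-record log image and the TEMPLATES table
are constructed for the example (the templates stand in for what GrokEVT
extracts from the message DLLs named in the registry).

```python
"""Minimal parser for the legacy Windows NT .evt format with message-template
expansion. Illustrative code added to this page, not GrokEVT's implementation."""
import re
import struct
from datetime import datetime, timezone

# Fixed-size parts of the on-disk format, all little-endian.
_REC = struct.Struct("<I4sIIIIHHHHIIIIII")   # EVENTLOGRECORD header, 56 bytes
_FILE_HDR = struct.Struct("<I4sIIIIIIIIII")   # ELF_LOGFILE_HEADER, 48 bytes
_EOF_REC = struct.Struct("<IIIIIIIIII")       # ELF_EOF_RECORD, 40 bytes
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information",
               8: "Audit Success", 16: "Audit Failure"}

# Constructed stand-in for the templates GrokEVT pulls out of message DLLs.
# Keyed by (SourceName, event code); %1, %2 ... are insertion-string slots.
TEMPLATES = {
    ("Service Control Manager", 7036): "The %1 service entered the %2 state.",
    ("Service Control Manager", 7035):
        "The %1 service was successfully sent a %2 control.",
}


def _utf16z(buf, pos):
    """Read a NUL-terminated UTF-16LE string at pos; return (text, next_pos)."""
    end = pos
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2


def parse_evt(data):
    """Yield one dict per EVENTLOGRECORD, walking linearly from the header.
    Stops at the ELF_EOF_RECORD (its second DWORD is 0x11111111, not 'LfLe')."""
    hdr_size, sig = struct.unpack_from("<I4s", data, 0)
    if hdr_size != 0x30 or sig != b"LfLe":
        raise ValueError("not an .evt file")
    off = hdr_size
    while off + 8 <= len(data):
        length, rsig = struct.unpack_from("<I4s", data, off)
        if rsig != b"LfLe":
            break
        if length < _REC.size + 4 or off + length > len(data):
            raise ValueError("truncated record at offset %d" % off)
        rec = data[off:off + length]
        (_, _, recnum, t_gen, _t_wr, event_id, etype, nstrings, category,
         _flags, _closing, str_off, sid_len, sid_off,
         data_len, data_off) = _REC.unpack_from(rec, 0)
        # The length is repeated after the record; a mismatch means corruption.
        if struct.unpack_from("<I", rec, length - 4)[0] != length:
            raise ValueError("corrupt record %d: trailing length mismatch" % recnum)
        source, pos = _utf16z(rec, _REC.size)
        computer, _ = _utf16z(rec, pos)
        strings, pos = [], str_off
        for _ in range(nstrings):
            s, pos = _utf16z(rec, pos)
            strings.append(s)
        yield {
            "record": recnum,
            "time_generated": datetime.fromtimestamp(t_gen, timezone.utc),
            "source": source, "computer": computer,
            "event_id": event_id & 0xFFFF,   # low word is the event code
            "type": EVENT_TYPES.get(etype, "Unknown(%d)" % etype),
            "category": category, "strings": strings,
            "sid": rec[sid_off:sid_off + sid_len],
            "data": rec[data_off:data_off + data_len],
        }
        off += length


def render(event):
    """Expand %N placeholders from the template; fall back to the raw strings."""
    tmpl = TEMPLATES.get((event["source"], event["event_id"]))
    if tmpl is None:
        return "[no template] " + " | ".join(event["strings"])

    def sub(m):
        i = int(m.group(1)) - 1
        return event["strings"][i] if 0 <= i < len(event["strings"]) else m.group(0)
    return re.sub(r"%(\d+)", sub, tmpl)


def _record(recnum, when, event_id, etype, source, computer, strings):
    """Encode one EVENTLOGRECORD (no SID, no binary data) for the sample image."""
    names = (source + "\0" + computer + "\0").encode("utf-16-le")
    str_off = _REC.size + len(names)
    body = names + "".join(s + "\0" for s in strings).encode("utf-16-le")
    length = _REC.size + len(body) + 4
    pad = (-length) % 4           # keep records DWORD-aligned
    length += pad
    hdr = _REC.pack(length, b"LfLe", recnum, when, when, event_id, etype,
                    len(strings), 0, 0, 0, str_off, 0, 0, 0, 0)
    return hdr + body + b"\0" * pad + struct.pack("<I", length)


def sample_evt():
    """Constructed two-record .evt image (not captured from a real system)."""
    recs = (_record(1, 1136073600, 7036, 4, "Service Control Manager",
                    "WORKSTATION1", ["Windows Update", "running"]) +
            _record(2, 1136073660, 7035, 4, "Service Control Manager",
                    "WORKSTATION1", ["Windows Update", "stop"]))
    end = _FILE_HDR.size + len(recs)
    header = _FILE_HDR.pack(0x30, b"LfLe", 1, 1, 0x30, end, 3, 1, 0x80000, 0, 0, 0x30)
    eof = _EOF_REC.pack(0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                        0x30, end, 3, 1, 0x28)
    return header + recs + eof


def parse_and_render(data):
    return [(e["record"], e["type"], render(e)) for e in parse_evt(data)]


if __name__ == "__main__":
    for rec, typ, msg in parse_and_render(sample_evt()):
        print(rec, typ, msg)
```

The parser walks records linearly from the file header, which is enough
for a cleanly closed log; a live or "dirty" log can wrap around inside
its fixed maximum size, so a forensic reader has to follow the header's
StartOffset/EndOffset (or carve for the LfLe signature) instead of
assuming the records are in order, which is exactly the kind of work
GrokEVT's log parser takes on.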