First of all, sorry for the lack of news and updates lately, but RVT is developed with the free and spare time of the members of the team, and I have not had a lot of that in the last months.
RVT v0.2.1 include new features and some little improvements:
- LNK files parsing
- Harlan Carvey, author of the well-known Windows Incident Response blog, has kindly provided us with brilliant Perl code to parse Windows event files (EVT extension). Thus RVT now integrates the script ‘evt’, which can output text versions of the EVT files (script evt generate); it can also generate some stats about each EVT (script evt report). We would like to sincerely thank Harlan for his support and his useful code.
- f-strings: an forensics version of Binutils strings command
- extended shell history
- and all the little changes and corrections published on this blog since v0.2
- updated User Guide
Read The Revealer Toolkit website for more information.
