Log forensic artifacts as JSON in ECS format.

go install github.com/cuhsat/flog@latest

$ flog [-pqhv] [-D DIRECTORY] [FILE ...]

Available options:

• -D Log directory
• -p Pretty JSON
• -q Quiet mode
• -h Show usage
• -v Show version

Required system commands:

• dotnet

Use scripts/eztools.sh to install Eric Zimmerman's Tools.

Supported artifacts for Windows 7+ systems:

• System Event Logs
• User JumpLists
• User ShellBags
• User Browser Histories

Released under the MIT License.