RP Log Tracker

RP Log Tracker v1.0

This tool parses the "change.log.*" files of Restore Points in Windows XP.

The input to this tool is the path of the folder storing the "change.log.*" files. The time information (Create Time, Last Modified Time) of these files must be preserved, so EnCase is recommended for acquiring the source files (change.log.*).

All time information is in local time (the system's time).

Parsed "change.log" Information

1. RP Info : The information of the Restore Point that includes the current event

2. Event Sequence Number : The event order information

3. Event Period : The time range within which the event occurred

4. Event Info : The file system event, e.g. Create, Modify, Rename, Delete ...

5. Target Path : The path of file targeted by event

6. Renamed Path : For a Rename event, the path of the renamed file

7. Backup Path : For a Delete event, the filename of the backup file

Update History

  • v1.0 : Initial Version

Created by Junghoon Oh(blueangel)

email : blueangel1275@gmail.com