This tool can parse "change.log.*" file of Restore Point in Windows XP.
A input of this tool is the path of folder storing "change.log.*" files and these "change.log.*" file's time information(Create Time, Last Modified Time) should be maintained. So, Encase is recommended to acquire source files(change.log.*).
A time information is local time.(system's time)
Parsed "change.log" Information
1. RP Info : The Restore Point information including current event
2. Event Sequence Number : The event order information
3. Event Period : the time range of event, the event is occurred within the time range.
4. Event Info : File System Event ex) Create, Modify, Rename, Delete ...
5. Target Path : The path of file targeted by event
6. Renamed Path : In case of Rename Event, this information is the path of renamed file.
7. Backup Path : In case of Delete Event, this is the filename information of backup file.
Update History
v1.0 : Initial Version
Created by Junghoon Oh(blueangel)
email : blueangel1275@gmail.com