Install grokevt by entering the following commands in the terminal:
sudo apt update
sudo apt install grokevt
Description:
scripts for reading Microsoft Windows event log files
GrokEVT is a collection of scripts built for reading Microsoft Windows NT/2000/XP/2003 event log files.
Currently the scripts work together on one or more mounted Microsoft Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
This program is useful in forensics investigations.
Homepage: http://projects.sentinelchicken.org/grokevt/
Version: 0.5.0-1
Section: universe/utils