Python module for reading Windows Evtx files.
This file holds hard coded offsets from here.
For development, start a venv and do:
$ pip3 install -e .
This will enable edit mode which is basically a hot reload version.
For running pytest, first do:
$ pip3 install -e .[test]
Then run:
$ pytest
or
$ pytest --file path/to/file.evtx