h4x0r/consolidate_evtx.sh

Last active June 10, 2025 02:18

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/h4x0r/b1a2ca1ed60f8b974069410e65f293f1.js"></script>
Save h4x0r/b1a2ca1ed60f8b974069410e65f293f1 to your computer and use it in GitHub Desktop.

Download ZIP

Pull all .evtx underneath a directory into the current directory, prefixed with the directory name, for multi-host bulk processing

Raw

consolidate_evtx.sh

	#!/bin/sh

	for d in "$@"; do
	fdfind '.evtx$' $d -x cp {} "$d#{/}“
	done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment