RDP-Parser extracts RDP activity from Microsoft Windows Event Logs. The tool is designed for any investigation involving exploitation of the RDP service. It supports both the Evt and Evtx formats.
Download
This is a command line tool and there is no installer. Unzip the archive and copy the program to the folder where you want to use it.
Open a command prompt in the directory containing the program. You can print the help message with "RDP-Parser --h":
More details about options:
--p: By default, RDP-Parser looks for Event Logs in the current directory, so you can copy the program into the same folder as the Event Logs you want to parse. If no path is given and the current directory contains no Event Logs, RDP-Parser copies the live system's Event Logs into the current directory. That copy requires administrator privileges and does not work for old-format (Evt) logs.
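To make concrete what "extracting RDP activity" from Event Logs involves, the following Python script is an added example and is not RDP-Parser's own code. It walks over Windows event records exported as XML (for instance with `wevtutil qe Security /f:xml`), keeps only the well-known RDP-related events (Security 4624 with LogonType 10, TerminalServices-RemoteConnectionManager 1149, and TerminalServices-LocalSessionManager 21/23/24/25), and pulls out the user, source address and time from each. The sample records embedded in the script are constructed for illustration; the event IDs and field names are the standard ones Windows writes.

```python
"""Extract RDP activity from Windows Event records exported as XML.

Added example, not RDP-Parser's own code: it illustrates the kind of
extraction such a tool performs, over records exported as XML (e.g. with
`wevtutil qe Security /f:xml`). The sample records below are constructed.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Event IDs that record RDP activity, keyed by provider. Security 4624 is
# only RDP when LogonType is 10 (RemoteInteractive); 1149 is written by the
# RemoteConnectionManager when network-level authentication succeeds, and
# 21/23/24/25 are written by the LocalSessionManager for the session itself.
RDP_EVENTS = {
    "Microsoft-Windows-Security-Auditing": {4624: "RemoteInteractive logon"},
    "Microsoft-Windows-TerminalServices-RemoteConnectionManager": {
        1149: "User authentication succeeded"},
    "Microsoft-Windows-TerminalServices-LocalSessionManager": {
        21: "Session logon", 23: "Session logoff",
        24: "Session disconnect", 25: "Session reconnect"},
}

# Constructed sample export: an RDP logon, a console logon (not RDP),
# an NLA success and a session logon, all for the same host.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2024-03-01T10:15:00.000Z"/><Computer>WS01</Computer></System>
 <EventData><Data Name="TargetUserName">alice</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="LogonType">10</Data><Data Name="IpAddress">10.0.0.5</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2024-03-01T10:16:00.000Z"/><Computer>WS01</Computer></System>
 <EventData><Data Name="TargetUserName">bob</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="LogonType">2</Data><Data Name="IpAddress">-</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager"/><EventID>1149</EventID>
  <TimeCreated SystemTime="2024-03-01T10:14:58.000Z"/><Computer>WS01</Computer></System>
 <UserData><EventXML xmlns="Event_NS"><Param1>alice</Param1><Param2>CORP</Param2>
  <Param3>10.0.0.5</Param3></EventXML></UserData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager"/><EventID>21</EventID>
  <TimeCreated SystemTime="2024-03-01T10:15:01.000Z"/><Computer>WS01</Computer></System>
 <UserData><EventXML xmlns="Event_NS"><User>CORP\\alice</User><SessionID>2</SessionID>
  <Address>10.0.0.5</Address></EventXML></UserData>
</Event>
</Events>"""


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def _fields(event):
    """Flatten EventData <Data Name=...> and UserData children into one dict."""
    fields = {}
    for data in event.findall("e:EventData/e:Data", NS):
        fields[data.get("Name")] = (data.text or "").strip()
    user_data = event.find("e:UserData", NS)
    if user_data is not None:
        for payload in user_data:          # e.g. <EventXML xmlns="Event_NS">
            for child in payload:
                fields[_local(child.tag)] = (child.text or "").strip()
    return fields


def extract_rdp_activity(xml_text):
    """Return RDP activity records (sorted by time) found in an XML export."""
    activity = []
    for event in ET.fromstring(xml_text).findall("e:Event", NS):
        system = event.find("e:System", NS)
        provider = system.find("e:Provider", NS).get("Name")
        event_id = int(system.find("e:EventID", NS).text)
        description = RDP_EVENTS.get(provider, {}).get(event_id)
        if description is None:
            continue
        f = _fields(event)
        if event_id == 4624:
            if f.get("LogonType") != "10":   # console/network/service logons are not RDP
                continue
            user, ip = f"{f.get('TargetDomainName')}\\{f.get('TargetUserName')}", f.get("IpAddress")
        elif event_id == 1149:                # Param1 = user, Param2 = domain, Param3 = source
            user, ip = f"{f.get('Param2')}\\{f.get('Param1')}", f.get("Param3")
        else:                                 # LocalSessionManager: User, SessionID, Address
            user, ip = f.get("User"), f.get("Address")
        activity.append({
            "time": system.find("e:TimeCreated", NS).get("SystemTime"),
            "computer": system.find("e:Computer", NS).text,
            "provider": provider, "event_id": event_id,
            "user": user, "source_ip": ip, "description": description,
        })
    return sorted(activity, key=lambda r: r["time"])


if __name__ == "__main__":
    for r in extract_rdp_activity(SAMPLE_XML):
        print(f"{r['time']}  {r['computer']}  {r['event_id']:<5} {r['user']:<12} "
              f"{r['source_ip'] or '-':<10} {r['description']}")
```

Correlating the three surviving records (1149, then 4624 type 10, then 21, all from the same source address within seconds) is what turns raw events into an "RDP session" timeline; the console logon is dropped because LogonType 2 is not a remote session, which is the filter most often missed when 4624 is searched by ID alone.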