From bce5ea756647d18d66281f01441ae174fb4af41c Mon Sep 17 00:00:00 2001 From: rshipp Date: Sat, 9 May 2015 16:35:00 -0600 Subject: [PATCH] Add @williballenthin EVTXtract and python libs --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 0c44791..8c3198b 100644 --- a/README.md +++ b/README.md @@ -216,6 +216,8 @@ the [browser malware](#browser-malware) section.* * [bulk_extractor](https://github.com/simsong/bulk_extractor) - Fast file carving tool. +* [EVTXtract](https://github.com/williballenthin/EVTXtract) - Carve Windows + Event Log files from raw binary data. * [Foremost](http://foremost.sourceforge.net/) - File carving tool designed by the US Air Force. * [Hachoir](https://bitbucket.org/haypo/hachoir) - A collection of Python @@ -299,6 +301,10 @@ the [browser malware](#browser-malware) section.* ## Windows Artifacts +* [python-evt](https://github.com/williballenthin/python-evt) - Python + library for parsing Windows Event Logs. +* [python-registry](http://www.williballenthin.com/registry/) - Python + library for parsing registry files. * [RegRipper](https://regripper.wordpress.com/) ([GitHub](https://github.com/keydet89/RegRipper2.8)) - Plugin-based registry analysis tool.
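Review bot: The EVTXtract entry in the first hunk should say which log format the tool carves; "Carve Windows Event Log files from raw binary data" is ambiguous between the legacy .evt format and the EVTX format the tool's name refers to, and a reader browsing the file-carving section would want that distinction. Suggest rewording the two wrapped lines to something like "Carve Windows EVTX event log records from raw binary data (unallocated space, memory images)." so it matches the "Fast file carving tool." style of the bulk_extractor entry above it while being precise about the artifact.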
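Review bot: The two new entries in the second hunk are inconsistent with each other and with the RegRipper entry that follows them. The python-evt description "Python library for parsing Windows Event Logs." does not say that this library handles the classic .evt format rather than EVTX, which matters because the same author publishes a separate EVTX parser; suggest "Python library for parsing legacy Windows Event Log (.evt) files." Likewise python-registry links only to the author's homepage while the sibling RegRipper entry gives both a homepage and a "([GitHub](...))" link; adding the GitHub link in that same form would keep the section's convention.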