RDP-Parser extracts RDP activity from Microsoft Windows Event Logs. This tool has been designed for any
investigation involving exploitation of the RDP service. It supports the Evt and Evtx formats.
How it works
RDP-Parser can be installed using the installer or used as a standalone application. In order to start using it,
just run the executable file from the start menu or from the program directory.
If you used the installer, you can also start the tool using the link in the Send To folder after
right-clicking on any folder or file(s).
What do you need
Windows XP SP2 or newer
New: The new version includes an installer and a GUI. See the documentation for
more information about the new options and features.
Extraction of Event IDs 131 and 140 from Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx
Details were not correctly extracted for events 56 and 1149 with types 2, 4 or 5.
To translate RDP-Parser to other languages:
1. In the Settings window, use the Export Lang.ini function. The file will be saved in the same directory as the tool;
2. Open the file in any text editor, such as Notepad;
3. Translate each expression to the right of the = symbol;
4. The expression on the left side is used by the tool to identify the string, so do not change it. Also, be sure to have a space between the = symbol and your expression (ex. Key = Value);
5. Authorized characters are alphanumerics, spaces and these symbols: ",", ".", "-", "!", ",", "(" and ")". Any other character will be deleted;
6. For some controls, the string length must be the same as the original. A longer string could be truncated if it doesn't match the length of the field;
7. The value associated with the translatorName will be used in the About window to identify you as translator (if you want). You can also add your email or a short url (ex. YourName
8. Restart the tool so the strings in Lang.ini will be used instead of the default language.
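The rules above can be checked before restarting the tool. The following Python lint is an added example, not part of RDP-Parser; it assumes the exported file holds one "Key = Value" entry per line, and the key names in the sample data (other than translatorName) are constructed for illustration.

```python
import re

# Authorized characters per the rules above: alphanumerics, spaces and , . - ! ( )
# Assumption: accented letters do not count as alphanumerics and would be deleted.
ALLOWED = re.compile(r"[A-Za-z0-9 ,.\-!()]")

def parse_lang(text):
    """Return (entries, format_errors) for 'Key = Value' lines."""
    entries, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if "=" not in line:
            continue  # blank lines and anything that is not an entry
        key, value = line.split("=", 1)
        if not value.startswith(" "):
            errors.append(f"line {n}: no space between '=' and the expression")
        entries[key.strip()] = value.strip()
    return entries, errors

def lint_translation(original, translated):
    """Compare a translated Lang.ini with the file exported by the tool."""
    src, _ = parse_lang(original)
    dst, problems = parse_lang(translated)
    for key in sorted(src.keys() - dst.keys()):
        problems.append(f"{key}: missing (left-hand key changed or removed)")
    for key in sorted(dst.keys() - src.keys()):
        problems.append(f"{key}: unknown key, not in the exported file")
    for key in sorted(src.keys() & dst.keys()):
        dropped = sorted({c for c in dst[key] if not ALLOWED.fullmatch(c)})
        if dropped:
            problems.append(f"{key}: characters that will be deleted: {''.join(dropped)}")
        if len(dst[key]) > len(src[key]):
            # Only some controls are length-limited, so this is a warning.
            problems.append(f"{key}: longer than original, may be truncated")
    return problems

# Constructed sample data (hypothetical keys except translatorName).
ORIGINAL = """btnStart = Start
lblStatus = Ready
translatorName = Your name here
"""
TRANSLATED = """btnStart =Lancer/Go
lblEtat = Pret
translatorName = Jean Dupont
"""

if __name__ == "__main__":
    for problem in lint_translation(ORIGINAL, TRANSLATED):
        print(problem)
```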
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.