Monday, March 24, 2025

Batch Script for Renaming and Converting EVTX Files to JSON Format

 





Note on How to Run the Script:

To use this batch script, follow the steps below:

  1. Prepare the environment:

    • Place the batch script in the same directory where your .evtx files are located.

    • Make sure that the evtx_dump-v0.9.0.exe executable is also in the same directory.

  2. Run the script:

    • Double-click the batch script (.bat) to execute it.

    • The script will:

      1. Check all .evtx files in the directory.

      2. Rename any files that contain spaces in their names by replacing the spaces with hyphens (-).

      3. Convert all .evtx files to .json format using the evtx_dump-v0.9.0.exe executable.

      4. Display a summary of the renaming and conversion process at the end.

  3. Review the output:

    • After the script finishes, you'll see a summary of:

      • How many files were found and processed.

      • How many files had their names adjusted.

      • How many files were successfully converted to .json.

      • Any files that could not be renamed or converted.

This script simplifies the process of renaming .evtx files with spaces in their names and converting them to JSON format for further analysis.

### script ###

@echo off
setlocal enabledelayedexpansion

:: Current directory where the script will be executed (the directory where the .evtx files are located)
set "DIR=%CD%"

:: Counters
set "files_found=0"
set "files_with_space=0"
set "files_converted=0"
set "files_not_converted=0"
set "files_not_renamed=0"

:: Finding all .evtx files in the current directory.
:: The list is taken from "dir /b" up front so files renamed inside the loop are not enumerated twice.
echo Found the following .evtx files:
for /f "delims=" %%F in ('dir /b /a-d "%DIR%\*.evtx" 2^>nul') do (
    set "file=%%F"
    set /a "files_found+=1"
    echo !file!

    rem Checking if the file name contains spaces by comparing it with its hyphenated form
    set "file_renamed=!file: =-!"
    if not "!file!"=="!file_renamed!" (
        echo Renaming !file! to !file_renamed!

        ren "%DIR%\%%F" "!file_renamed!"
        if errorlevel 1 (
            echo Could not rename "%%F"
            set /a "files_not_renamed+=1"
        ) else (
            rem Count only the renames that succeeded
            set /a "files_with_space+=1"
        )
    )
)

echo.
echo Total files found: !files_found!
echo Total files with spaces in the name renamed: !files_with_space!
echo Total files that could not be renamed: !files_not_renamed!
echo.

:: Starting the conversion process
echo Starting conversion process...
for %%F in ("%DIR%\*.evtx") do (
    rem Build the output name from the base name so only the final extension changes
    set "json_file_name=%%~nF.json"

    echo Converting %%F to !json_file_name!
    evtx_dump-v0.9.0.exe -o json -f "!json_file_name!" "%%F"
    if errorlevel 1 (
        echo Error converting %%F
        set /a "files_not_converted+=1"
    ) else (
        set /a "files_converted+=1"
    )
)

echo.
echo Conversion process completed.
echo Total files converted: !files_converted!
echo Total files not converted: !files_not_converted!
echo.

pause

### script ###

Please download the file here.