Slow performance compared to https://github.com/0xrawsec/golang-evtx

Question

Slow performance compared to https://github.com/0xrawsec/golang-evtx

CaledoniaProject opened this issue a year ago · 1 comments

I have a 100MB Security.evtx file and it took less than 20s to dump the data with https://github.com/0xrawsec/golang-evtx,

But evtx_dump.py too much longer and didn't finish in 5minutes (I killed it).

Answer 1 · 2023-07-22T11:12:27.000Z

yes, the other project is written in a language that is much more suitable for parsing large amounts of binary data. this python library can parse the files but probably isn't suitable for high performance environments.

i'd probably suggest that new projects pick the following library instead of python-evtx:

https://github.com/omerbenamram/evtx