Hi to all,
There is a new tool on le-tools.com: RDP-Parser.
It's a command line tool.
It extracts RDP activities from Microsoft Windows Event Logs. The tool
has been designed for any investigation involving exploitation of RDP
service. It can be used as a preview tool on a live system, or as
analysis tool on saved Event Logs.
It supports Evt and Evtx formats.
More details on: http://le-tools.com/RDP-Parser.html
Alain Rioux
Le-tools.com