Skip to content

DFIR-OGRE documentation

CTRL K

CTRL K

Getting Started
- Docker‑based Installation
- Manual Installation
Usage
Built-in Plugins
Plugin Creation

Logs

Parse Windows EventLog (EVT) files and emit one record per event

Parses PCA application launch data

Pca General Record

Extracts each line of a PCA log

ParsesWindows Error Reporting files (WER), extracting metadata about crashes, hangs, and other failure events reported by the operating system

Parses windows evtx logs

© Copyright 2026, ANSSI. The contents of this documentation is available under the Open License version 2.0 published by Etalab.

Powered by Hextra