From securityonline.info
- Zircolite can be used directly on the investigated endpoint (use releases) or in your forensic/detection lab
- Zircolite is fast and can parse large datasets in just seconds (check benchmarks)
- Zircolite can handle EVTX files and JSON files as long as they are in JSONL/NDJSON format