GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. GrokEVT is released under the GNU GPL, and is implemented in Python.

Currently the scripts work together on one or more mounted Windows® partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.