add Python code to parse security event log (xml format) NIST_data_leakage02

README.md

@@ -131,22 +131,22 @@ The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIS
 
 **Topics Covered**
 
-| Labs   | Topics Covered                                                                                                               | Size of PPTs |
-| ------ | ---------------------------------------------------------------------------------------------------------------------------- | ------------ |
-| Lab 0  | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx)                                       | 2M           |
-| Lab 1  | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx)                                                | 3M           |
-| Lab 2  | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx)                                        | 3M           |
-| Lab 3  | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx)                                          | 3M           |
-| Lab 4  | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx)                                            | 3M           |
-| Lab 5  | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx)                        | 2M           |
-| Lab 6  | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx)                  | 2M           |
-| Lab 7  | [Network Drive and Cloud](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx)                               | 5M           |
-| Lab 8  | [Master File Table ($MFT) and Log File  ($logFile) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)     | 13M          |
-| Lab 9  | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)                                         | 4M           |
-| Lab 10 | [Windows Volume Shadow Copy Analysis/SQL database carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M           |
-| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx)                  | 3M           |
-| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx)                                           | 3M           |
-| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx)                       | 2M           |
+| Labs   | Topics Covered                                                                                                                                                              | Size of PPTs |
+| ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
+| Lab 0  | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx)                                                                                      | 2M           |
+| Lab 1  | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx)                                                                                               | 3M           |
+| Lab 2  | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) [Python version](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML_Python.pptx) | 10M          |
+| Lab 3  | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx)                                                                                      | 3M           |
+| Lab 4  | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx)                                                                                           | 3M           |
+| Lab 5  | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx)                                                                       | 2M           |
+| Lab 6  | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx)                                                                 | 2M           |
+| Lab 7  | [Network Drive and Cloud](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx)                                                                              | 5M           |
+| Lab 8  | [Master File Table ($MFT) and Log File  ($logFile) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)                                                    | 13M          |
+| Lab 9  | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)                                                                                        | 4M           |
+| Lab 10 | [Windows Volume Shadow Copy Analysis/SQL database carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx)                                                | 6M           |
+| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx)                                                                 | 3M           |
+| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx)                                                                                          | 3M           |
+| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx)                                                                      | 2M           |
 
 ---