From 1b5bb2c75997ad76b074a05e70b6e22fecad6636 Mon Sep 17 00:00:00 2001 From: tsalvia Date: Fri, 31 May 2019 07:32:00 +0900 Subject: [PATCH] =?UTF-8?q?[Modify]=20README.md=E3=81=AB=E8=AA=AC=E6=98=8E?= =?UTF-8?q?=E3=82=92=E8=BF=BD=E8=A8=98=E3=81=97=E3=81=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 50 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 47 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 94aeeb9..749564d 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,52 @@ # evtxdump -## ビルド方法 +Parse the EVTX file and output it in JSON format. + +## Build ``` -go get github.com/0xrawsec/golang-evtx/evtx +go get -u github.com/0xrawsec/golang-evtx/evtx go build evtxdump.go -``` \ No newline at end of file +``` + +## Usage + +``` +$ evtxdump.exe -i Security.evtx +``` + +## Options + +``` +-d string + This option is a short version of "--directory" option. +-directory string + Specifies the destination directory for the converted files. + (default "output") +-i string + This option is a short version of "--input" option. +-ids string + Specifies the event ID you want to output JOSN files. + Use "," to separate multiple IDs. + (default All Event IDs) +-input string + This option is required. + Specifies the EVTX file you want to convert to JSON file. +``` + +## Examples + +1. Basic Usage + ``` + $ evtxdump.exe -i Security.evtx + ``` + +2. Specify the event IDs you want to output. + ``` + $ evtxdump.exe -i Security.evtx -ids 4624,4625,1102 + ``` + +3. Specify the destination directory. + ``` + $ evtxdump.exe -i Security.evtx -d output/jsons + ``` \ No newline at end of file
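Review bot: Typo in the `-ids` option description in the new Options block: "Specifies the event ID you want to output JOSN files." should read "JSON", and the sentence itself is hard to parse; suggest "Specifies the event IDs to write out as JSON files." so it matches the wording of the `-input` description. Two smaller points in the same hunk: the `-input` entry says "This option is required." while the Usage and Examples sections only ever show the short form `-i`, so it would help to state that `-i`/`-input` (either form) is mandatory; and the build step `go build evtxdump.go` produces a binary named `evtxdump` on Linux/macOS, so the `evtxdump.exe` in Usage and Examples only matches a Windows build, which is worth saying since the tool reads Windows Security.evtx logs but may well be run elsewhere.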