Skip to content
EVTX parser

Posts tagged "{tag}": #binxml

← Back to blog
The EVTX file format, decoded
A working tour of the EVTX binary format: file header, ELFCHNK chunks, BinXML templates, substitution arrays, and why parsing this thing is harder than it looks.
evtxfile-formatbinxmldfir