Skip to content
.evtx

Posts tagged "{tag}": #reference

← Back to blog
The EVTX file format: a complete byte-level reference
A field-by-field reference for the Windows .evtx format — file header, ELFCHNK chunk header, event record, the full BinXML token and value-type tables, and a worked decode from raw bytes to rendered XML.
evtxfile-formatbinxmldfir
Windows Security Event ID cheat sheet for DFIR
The Windows event IDs that matter in an investigation, grouped by attack phase — with the log they live in, a one-line meaning, and a link to the deep-dive for each. A reference for incident response and threat hunting.
evtxdfirevent-idreference