Glossary

EventData

The XML child element in each rendered record that holds the provider-specific parameters: TargetUserName on a 4624, ImagePath on a 7045, CommandLine on a Sysmon 1. The forensic signal almost always lives here — not in the numeric Event ID.
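An added example (not part of the original glossary entry): Python that reads the EventData fields out of rendered event XML, including the case where a provider emits unnamed Data elements. The three sample records are constructed, and the name `parse_record` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace used by rendered Windows event XML.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records for illustration (not real log data).
LOGON = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID></System>
  <EventData>
    <Data Name="TargetUserName">svc-backup</Data>
    <Data Name="LogonType">10</Data>
  </EventData>
</Event>"""

SERVICE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Service Control Manager"/><EventID>7045</EventID></System>
  <EventData>
    <Data Name="ServiceName">ExampleAgent</Data>
    <Data Name="ImagePath">C:\Program Files\Example\agent.exe</Data>
  </EventData>
</Event>"""

# Some providers write <Data> elements without a Name attribute.
UNNAMED = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="ExampleLegacyProvider"/><EventID>1000</EventID></System>
  <EventData><Data>first</Data><Data/></EventData>
</Event>"""


def parse_record(xml_text):
    """Return (provider, event_id, fields) for one rendered event record."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS).get("Name")
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields = {}
    for i, data in enumerate(root.findall("e:EventData/e:Data", NS)):
        # Key unnamed elements by position so no value is silently dropped.
        name = data.get("Name") or f"Data[{i}]"
        fields[name] = data.text or ""
    return provider, event_id, fields


if __name__ == "__main__":
    for record in (LOGON, SERVICE, UNNAMED):
        print(parse_record(record))
```

The System block gives only the provider and Event ID; the account, logon type and service binary path come from EventData.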