Search Windows EVTX files with precision
Microsoft introduced EVTX, a proprietary binary event log format, back in Windows Vista and Server 2008. It came with new enhancements and features such as log channels, new event properties, etc. Check out SANS’s EVTX and Windows Event Logging white paper for a detailed tour. Today one can analyze EVTX files with various tools, such as EvtxECmd...