evtx
Description:
Windows XML Event Log parser
Type: Formula  |  Latest Version: 0.9.0@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: forensics windows security event-log rust dfir
Install: brew install evtx
About:
evtx is a command-line tool and library for parsing and analyzing Windows XML Event Log (.evtx) files. It provides a robust, high-performance parser that can extract event data from binary log files generated by modern Windows systems. The tool is particularly valuable for digital forensics and incident response (DFIR) workflows.
Key Features:
  • Fast and memory-efficient parser written in Rust
  • Supports both command-line usage and integration as a library
  • Can recover and parse corrupted or partially overwritten log files
  • Outputs data in human-readable and machine-parsable formats like JSON
  • Cross-platform support for analyzing logs on non-Windows systems
Use Cases:
  • Digital forensics and incident response (DFIR) analysis
  • Extracting Windows event logs for security monitoring and auditing
  • Automated processing of event logs in security pipelines
  • Researching Windows system behavior and malware analysis
Alternatives:
  • python-evtx – Python-based parser; evtx (Rust) generally offers better performance and more robust error handling.
  • Windows Event Viewer – Native GUI tool; evtx allows for scripting, automation, and analysis on non-Windows platforms.
License: Apache-2.0 OR MIT
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, arm64_ventura, sonoma, ventura, arm64_linux, x86_64_linux
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Sep 13, 2025 3:40pm  |    |  0  |  VERSION_BUMP  |  0a789371
Nov 3, 2024 4:25pm  |    |  0  |  VERSION_BUMP  |  55e18075
Nov 3, 2024 3:32pm  |    |  0  |  VERSION_BUMP  |  c82216c0
Sep 13, 2024 3:31am  |    |  0  |  VERSION_BUMP  |  a1a8dfb3