EVTX File Documentation

Feature	Value
File Format	EVTX (Windows 7 Event Log File)
File Extension	.evtx
MIME Type	`application/octet-stream`
Developer	Microsoft
Introduced in	Windows Vista
File Signature (Hex)	`45 6C 66 46 69 6C 65 00`
Endianness	Little Endian
File structure	XML-based, binary file format
Primary Purpose	Logging Windows events
Accessed By	Event Viewer
Forensic Importance	High
Can contain	Informational, Warning, Error events
Can be exported as	XML, CSV, TXT
Compression Used	No
Default Location (System)	`%SystemRoot%System32winevtLogs`
Default Location (Applications)	`%SystemRoot%System32winevtLogsApplication.evtx`
Security Log Location	`%SystemRoot%System32winevtLogsSecurity.evtx`
Maximum File Size	Configurable, default 20MB
Encryption	No
Archiving Capability	Yes
Usability	Forensic analysis, System diagnostics, Security auditing

Was this page helpful?

Sorry to hear that. Please tell us how we can improve.