by andreafortuna.org

EVTX Parser Lite

Analyze Windows event log exports locally for rapid investigation triage.

All analysis happens locally in your browser. No data is uploaded to our servers.

Load EVTX exports or paste event data to extract key fields such as timestamp, provider, channel, event ID and summary directly in your browser.

How it works: the parser applies a lightweight extraction pipeline for XML/event text, tags high-value Event IDs and prepares records for quick filtering.

Use cases: failed logon triage, suspicious service install review, and rapid incident scoping from exported Windows logs.

Input

Or upload file (`.evtx`, `.xml`, `.txt`, `.log`)

Drop EVTX/XML/text file here or click to browse

Accepted: .evtx,.xml,.txt,.log

Lite mode note: binary `.evtx` support in-browser is intentionally limited. For best results, export to XML/text from Event Viewer and analyze that data here.

No EVTX data yet

Upload a local file or paste XML/event text to begin analysis.

Frequently Asked Questions

Does this tool support all EVTX files?

No. This Lite version focuses on stable parsing of EVTX exports (XML/text). Raw binary EVTX support in-browser is limited and intentionally conservative.

Which Event IDs are highlighted?

The parser tags common security-relevant IDs including 4624, 4625, 4648, 4672, 4688, 4697, 4720, 4728, 4732, 4768, 4769, 4776 and 7045.

Can I export parsed events?

Yes. Parsed records can be exported locally as JSON and CSV for reporting, further triage or timeline integration.