libyal/libevtx

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/libyal/libevtx)

libyal / libevtx

Library and tools to access the Windows XML Event Log (EVTX) format

☆230

Alternatives and similar repositories for libevtx

Users that are interested in libevtx are comparing it to the libraries listed below

Sorting:

libyal / libfwevt
View on GitHub
Library for Windows XML Event Log (EVTX) data types
☆18Dec 17, 2025Updated 3 months ago
libyal / libevt
View on GitHub
Library and tools to access the Windows Event Log (EVT) format
☆60Dec 15, 2025Updated 3 months ago
fox-it / danderspritz-evtx
View on GitHub
Parse evtx files and detect use of the DanderSpritz eventlogedit module
☆151Dec 15, 2017Updated 8 years ago
omerbenamram / evtx
View on GitHub
A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
☆891Feb 23, 2026Updated 3 weeks ago
libyal / libmsiecf
View on GitHub
Library and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files
☆18Dec 19, 2025Updated 3 months ago
libyal / libyal
View on GitHub
Yet another library library (and tools)
☆217Dec 21, 2025Updated 3 months ago
0xrawsec / golang-evtx
View on GitHub
☆171Nov 11, 2022Updated 3 years ago
williballenthin / python-evtx
View on GitHub
Pure Python parser for Windows Event Log files (.evtx)
☆767Jun 18, 2025Updated 9 months ago
Velocidex / evtx
View on GitHub
Golang Parser for Microsoft Event Logs
☆107Nov 7, 2025Updated 4 months ago
3gstudent / Eventlogedit-evtx--Evolution
View on GitHub
Remove individual lines from Windows XML Event Log (EVTX) files
☆272Apr 17, 2021Updated 4 years ago
libyal / libagdb
View on GitHub
Library and tools to access the Windows SuperFetch database format
☆13Nov 29, 2025Updated 3 months ago
libyal / reviveit
View on GitHub
ReviveIT (revit) is a proof of concept file recovery tool (carver)
☆13Dec 3, 2020Updated 5 years ago
omerbenamram / pyevtx-rs
View on GitHub
Python bindings for https://github.com/omerbenamram/evtx/
☆55Jan 3, 2026Updated 2 months ago
libyal / libregf
View on GitHub
Library and tools to access the Windows NT Registry File (REGF) format
☆133Dec 19, 2025Updated 3 months ago
libyal / libscca
View on GitHub
Library and tools to access the Windows Prefetch File (SCCA) format.
☆83Dec 19, 2025Updated 3 months ago
DePierre / pts
View on GitHub
Packer for PE and ELF, 32 and 64bits.
☆22Aug 5, 2013Updated 12 years ago
log2timeline / dfvfs
View on GitHub
Digital Forensics Virtual File System (dfVFS)
☆219Feb 15, 2026Updated last month
williballenthin / EVTXtract
View on GitHub
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
☆209Mar 12, 2025Updated last year
libyal / libfsntfs
View on GitHub
Library and tools to access the Windows New Technology File System (NTFS)
☆227Feb 8, 2026Updated last month
omerbenamram / winstructs
View on GitHub
Parsers for common structures across windows formats.
☆12Aug 23, 2023Updated 2 years ago
libyal / libvsmbr
View on GitHub
Library and tools to access the Master Boot Record (MBR) volume system format
☆14Dec 21, 2025Updated 3 months ago
papadp / reflective-injection-detection
View on GitHub
a program to detect reflective dll injection on a live machine
☆76Dec 12, 2015Updated 10 years ago
muxq / hellorpc
View on GitHub
windows rpc 使用MIDL+RPC实现HelloWorld
☆23Mar 21, 2018Updated 7 years ago
libyal / libvshadow
View on GitHub
Library and tools to access the Volume Shadow Snapshot (VSS) format
☆114Dec 20, 2025Updated 3 months ago
al3ks1s / AD1-tools
View on GitHub
CLI Tools to open, extract and mount FTK Imager's AccessData AD1 forensic images on linux.
☆19May 27, 2025Updated 9 months ago
libyal / libfsext
View on GitHub
Library and tools to access the Extended File System
☆18Feb 1, 2026Updated last month
yarox24 / evtkit
View on GitHub
Fix acquired .evt - Windows Event Log files (Forensics)
☆18Mar 29, 2016Updated 9 years ago
kkoha / EvtxCarv
View on GitHub
recovers and reconstructs fragmented Evtx files from disk images, memory dumps, pagefiles and unallocated space
☆13Feb 3, 2015Updated 11 years ago
forensicmatt / libtsk-rs
View on GitHub
Wrapper for TSK (Sleuth Kit) Bindings
☆12Jan 10, 2023Updated 3 years ago
jschicht / Secure2Csv
View on GitHub
Decode security descriptors in $Secure on NTFS
☆22Feb 24, 2022Updated 4 years ago
libyal / libesedb
View on GitHub
Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
☆371Dec 16, 2025Updated 3 months ago
sbousseaden / EVTX-ATTACK-SAMPLES
View on GitHub
Windows Events Attack Samples
☆2,526Jan 24, 2023Updated 3 years ago
TuxMeaLux / Cryptonite
View on GitHub
Another Remote Access Control software, written in Golang. It heavily relies on cryptography to avoid threat of botnet use/abuse by other…
☆11Jan 12, 2017Updated 9 years ago
jwymanm / mftd
View on GitHub
Monitor adapter, Fake DNS, Tunnel, and DHCP combined into one Windows Service
☆12Apr 19, 2015Updated 10 years ago
ANSSI-FR / bmc-tools
View on GitHub
RDP Bitmap Cache parser
☆638Jan 21, 2025Updated last year
mandiant / flare-wmi
View on GitHub
☆432May 3, 2023Updated 2 years ago
mobdk / WinSpoof
View on GitHub
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
☆24Mar 13, 2023Updated 3 years ago
libyal / libwtcdb
View on GitHub
Library and tools to access the Windows (Vista/7) Explorer thumbnail cache database format (thumbcache.db)
☆17Dec 3, 2025Updated 3 months ago
jschicht / RawCopy
View on GitHub
Commandline low level file extractor for NTFS
☆313Jul 30, 2019Updated 6 years ago