Event Log EVT Records

Overview

Evidence: Event Log EVT Records Description: Collect most recent event log records Category: EventLogs Platform: windows Short Name: evtr Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): Yes

Background

Windows event logs (EVTX/EVT) capture system, security, and application events. This data is essential for detection and incident response.

Data Collected

This collector gathers structured data about event log evt records.

Collection Method

This collector loads an event configuration, locates channel EVTX files, and parses recent events with filters, storing summaries and event data rows.

Forensic Value

This evidence is crucial for forensic investigations to reconstruct timelines, detect attacks, and analyze security-relevant events.

PreviousEvent Log EVT Files NextEvent Log EVTX Files

Last updated 3 days ago

Was this helpful?