Skip to main content
DFIRLab
ResearchUse CasesCompare
Intel BriefingsThreat Actors
IOC CheckFile AnalyzerPhishing CheckDomain LookupExposure ScannerPrivacy Check
Log → SplunkLog → Sentinel
WikiAbout
PlatformNew
DFIRLab

Security research, threat intelligence, and free DFIR tools.

Tools

Phishing CheckerExposure ScannerDomain LookupFile AnalyzerPrivacy CheckLog → SplunkLog → SentinelAPI Playground

Use Cases

SOC Phishing TriageIR IOC EnrichmentMSSP Exposure Monitoringn8n AutomationSee all use cases →

Compare

vs VirusTotalvs Shodanvs TheHiveSee all 8 →

Resources

DFIR WikiIntel BriefingsAboutPlatformAPI Docs

Legal

Privacy PolicyRSS FeedSitemap

© 2026 DFIR Lab. All rights reserved.

← All Tags
TAG

EVTX Format

1 post
Windows Event LogsEVTX FormatLog Analysis+2

Understanding the Windows EVTX Format and Event Field Structure

A deep dive into the binary XML format used by modern Windows Event Logging, covering the .evtx file structure, storage locations, remote collection architecture, and the common fields analysts encounter in every Event ID.

Jun 29, 20265 min read