
What is an EVTX file?


EVTX has been the event log format of the Microsoft Windows operating system since Windows Vista and is still used in the latest versions. A typical .evtx file is a binary XML event log exported from Event Viewer that contains information on how programs are working and the types of errors they encounter.

Earlier versions of Windows used the .evt file extension instead. Files with the .evtx extension are usually event logs generated by the Microsoft Windows operating system.

Windows uses EVTX, an XML-based log format for recording events.

This log file is created by the Windows 7 Event Viewer, contains a list of recorded events, and is saved in a proprietary binary format that can only be viewed within the Event Viewer program.
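To make the .evt versus .evtx distinction concrete, the following added example (not part of the original page) tells the two formats apart by their signatures and decodes the 128-byte EVTX file header, including its checksum. The header layout (field offsets, the `ElfFile` and `LfLe` signatures, CRC32 over the first 120 bytes) is an assumption taken from public format documentation, and the sample headers are constructed in the code.

```python
import struct
import zlib

# Layout below is an assumption taken from public format documentation, not from this page.
EVTX_MAGIC = b"ElfFile\x00"  # first 8 bytes of an .evtx file
EVT_MAGIC = b"LfLe"          # bytes 4..8 of a legacy .evt file
HEADER_FIELDS = "<QQQIHHHH"  # chunk numbers, next record id, sizes, version, chunk count

def identify_event_log(data: bytes) -> dict:
    """Classify a buffer as evtx, evt or unknown; decode and verify an EVTX header."""
    if data[4:8] == EVT_MAGIC:
        return {"format": "evt"}
    if len(data) < 128 or data[:8] != EVTX_MAGIC:
        return {"format": "unknown"}
    (first_chunk, last_chunk, next_record, header_size,
     minor, major, block_size, chunk_count) = struct.unpack_from(HEADER_FIELDS, data, 8)
    flags, stored_crc = struct.unpack_from("<II", data, 120)
    return {
        "format": "evtx",
        "version": f"{major}.{minor}",
        "chunk_count": chunk_count,
        "next_record_id": next_record,
        "dirty": bool(flags & 0x1),  # log was not closed cleanly
        "full": bool(flags & 0x2),
        # CRC32 over the first 120 bytes; a mismatch means corruption or modification
        "checksum_ok": stored_crc == (zlib.crc32(data[:120]) & 0xFFFFFFFF),
    }

def build_sample_header(chunks: int = 1, next_record: int = 42, dirty: bool = False) -> bytes:
    """Constructed 128-byte EVTX header for the demo (not taken from a real log)."""
    body = EVTX_MAGIC + struct.pack(HEADER_FIELDS, 0, chunks - 1, next_record,
                                    128, 1, 3, 4096, chunks)
    body = body.ljust(120, b"\x00")
    return body + struct.pack("<II", 1 if dirty else 0, zlib.crc32(body) & 0xFFFFFFFF)

if __name__ == "__main__":
    good = build_sample_header(chunks=3, next_record=1001)
    tampered = bytearray(good)
    tampered[24] ^= 0xFF  # alter next record id without fixing the checksum
    legacy = struct.pack("<I", 0x30) + EVT_MAGIC + bytes(40)
    for name, blob in [("good", good), ("tampered", bytes(tampered)), ("legacy", legacy)]:
        print(name, identify_event_log(blob))
```

On a real log, pass the first 128 bytes of the file to `identify_event_log`; a set dirty flag or a failed checksum is worth noting before trusting the record count reported by the header.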

