EVTX Reader

 
 

EVTX Reader is a Mac application that lets you open binary MS Event Viewer files. Have you ever received a file with the EVTX extension on your Mac, but had to run back to a Windows machine to view it? Well, this happened to me too many times, so I developed EVTX Reader.

 
 

Also available is EVTX Viewer, an iPhone App, based on the same file parsing code.

Features:

View Event Log Files - This is the main feature of EVTX Reader. The log file is scanned in a fast pass and all the events are displayed from the oldest to the newest.

Search and Filter - Above the list of events, there is a Search Bar with Filter Buttons. Using this bar initiates the thorough pass, which filters the events using a case-sensitive search.

View Event Details - Select an event to view its details. Note that the full XML representation of the event appears last.

Notes:

Launch EVTX Reader - Starting the application will present a simple Open Files dialog. You may open multiple files at once.

Open EVTX File - The EVTX file extension is registered by EVTX Reader, so double-clicking an EVTX file will open it in EVTX Reader.

Technical Stuff:

Empty Description - The description is often full of details, but at other times you may see an empty description. This is because the Event Logging system depends on other DLLs. To simplify the first release, EVTX Reader has no such dependency on external DLLs.

Unsupported Types - Some types are not yet supported, so the XML of an event may show <BinaryData>[unsupported type]</BinaryData> or similar text.

Programming Language - Users of this app are usually highly technical, so there is a natural interest in its internals. The app is written in Swift 3 and uses the libxml2 library.

 

You may contact me on Twitter using Direct Message. Thank you for using EVTX Reader.