Windows Events

API

• Event Tracing for Windows (ETW)
  • Windows 2000 ~
• Event Logging
  • Windows 2000 ~ Windows Server 2003
• Windows Event Log
  • Windows Vista ~
• TraceLogging
  • Windows 10 ~

External Project

• Hayabusa
• evtx
  • Rust 기반 parser
  • [https://github.com/omerbenamram/evtx]

References

• https://learn.microsoft.com/en-us/windows/win32/Events/windows-events
• https://learn.microsoft.com/en-us/windows/win32/etw/event-tracing-portal
• https://learn.microsoft.com/en-us/windows/desktop/EventLog/event-logging
• https://learn.microsoft.com/en-us/windows/desktop/WES/windows-event-log
• https://learn.microsoft.com/en-us/windows/desktop/tracelogging/trace-logging-portal
• https://github.com/microsoft/tracelogging