Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mode (Arrow/DuckDB) for 10M+ events.
log-analysis dfir digital-forensics session-reconstruction forensic-analysis security-tools timeline-analysis blue-team evtx windows-event-logs windows-forensics blue-team-tool evtx-analysis dfir-tools event-log-analysis incident-response-tool evtx-parser event-log-parser powershell-forensics
Updated May 20, 2026 - Python