EVTX Inspector — Online Windows Event Log Viewer for macOS, Linux & Windows

A free, browser-based Windows Event Log analyzer. Open and investigate .evtx files and CSV event log exports entirely in your browser — no installation, no upload, nothing leaves your machine.

What it does

EVTX Inspector parses Windows .evtx binary event logs and CSV exports (from EvtxECmd, Hayabusa, Chainsaw, or Get-WinEvent) directly in the browser using WebAssembly and Web Workers. Built for DFIR analysts and incident responders working on macOS or Linux who would otherwise need a Windows VM to open these files.

Features

  • Native .evtx and CSV file support
  • Per-column filtering with OR logic, global search, and time-range picker
  • Row flagging (Suspicious, Reviewed, Noteworthy) with localStorage persistence
  • Multi-file investigation — open many logs at once, switch between them
  • Virtual scroll handles hundreds of thousands of events without pagination
  • Export flagged rows to CSV for reporting
  • Dark and light themes
  • Zero telemetry, zero uploads, zero cookies

Why it exists

Eric Zimmerman's EvtxECmd and Timeline Explorer are the gold standard for Windows Event Log triage, but they are Windows-only. CLI tools like Hayabusa and Chainsaw are headless. Existing browser viewers do not support CSV exports or row flagging. EVTX Inspector closes that gap with a zero-install investigation surface for any OS.