Venture is a cross-platform viewer for Windows Event Logs (.evtx files). Built with Tauri, it is intended as a fast, standalone tool for quickly parsing and slicing Windows Event Log files during incident response, digital forensics, and CTF competitions.
While projects like evtxtools do a great job on the command line, a graphical interface is sometimes more convenient for browsing and investigation. A few other features help as well:
- Load any EVTX file and parse columns
- Load multiple files and join them into one table
- CSV/JSON export
- Filter on all columns (string/number values)
- Flag items of interest; filter on flagged items only
- Tabular event view
- JSON detail event view
- Paginated data
- Date-based filters
- Rearrangeable columns
- Custom tags for events
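What "load an EVTX file and parse columns" means at the byte level, as an added example that is not Venture's code: a minimal Python walker over the EVTX container that validates the file header, each chunk header and each record header, checking the CRC32s the format carries instead of trusting offsets blindly. The sample file is constructed inline (it is not a Windows-produced log), the BinXml event payload is a placeholder that is carried through undecoded, and no evtxtools or python-evtx API is used.

```python
import struct
import zlib
from datetime import datetime, timedelta, timezone

FILE_SIG = b"ElfFile\x00"
CHUNK_SIG = b"ElfChnk\x00"
RECORD_SIG = b"\x2a\x2a\x00\x00"   # "**\0\0"
FILE_HEADER_BLOCK = 4096           # header is 128 bytes, zero-padded to 4096
CHUNK_SIZE = 65536
CHUNK_DATA_START = 512             # chunk header plus string/template tables


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; record timestamps use it."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def build_sample_evtx() -> bytes:
    """Constructed sample (not produced by Windows): one chunk, one record whose
    BinXml body is a placeholder. Checksums are filled in as real files carry them."""
    ft = 133_000_000_000_000_000                            # a FILETIME in June 2022
    body = b"\x0f\x01\x01\x00" + b"placeholder-binxml"      # fragment header + dummy payload
    rec_size = 4 + 4 + 8 + 8 + len(body) + 4                # sig, size, id, time, data, size copy
    record = RECORD_SIG + struct.pack("<IQQ", rec_size, 1, ft) + body + struct.pack("<I", rec_size)

    chunk = bytearray(CHUNK_SIZE)
    chunk[0:8] = CHUNK_SIG
    struct.pack_into("<QQQQ", chunk, 8, 1, 1, 1, 1)        # first/last record number and identifier
    free_off = CHUNK_DATA_START + rec_size
    chunk[CHUNK_DATA_START:free_off] = record
    struct.pack_into("<III", chunk, 40, 128, CHUNK_DATA_START, free_off)  # hdr size, last record off, free space off
    struct.pack_into("<I", chunk, 52, zlib.crc32(bytes(chunk[CHUNK_DATA_START:free_off])))  # records checksum
    struct.pack_into("<I", chunk, 124, zlib.crc32(bytes(chunk[:120]) + bytes(chunk[128:512])))  # header checksum

    hdr = bytearray(128)
    hdr[0:8] = FILE_SIG
    struct.pack_into("<QQQ", hdr, 8, 0, 0, 2)              # first chunk, last chunk, next record id
    struct.pack_into("<IHHHH", hdr, 32, 128, 1, 3, FILE_HEADER_BLOCK, 1)  # hdr size, minor, major, block, chunks
    struct.pack_into("<I", hdr, 120, 0)                    # flags: bit0 dirty, bit1 full
    struct.pack_into("<I", hdr, 124, zlib.crc32(bytes(hdr[:120])))
    return bytes(hdr) + bytes(FILE_HEADER_BLOCK - 128) + bytes(chunk)


def parse_evtx(data: bytes) -> dict:
    """Walk file header -> chunk headers -> record headers, verifying signatures
    and CRC32s. Raises ValueError on structural damage rather than guessing."""
    if len(data) < FILE_HEADER_BLOCK or data[:8] != FILE_SIG:
        raise ValueError("not an EVTX file (short or bad signature)")
    _first, _last, next_rec_id = struct.unpack_from("<QQQ", data, 8)
    hdr_size, minor, major, block_size, n_chunks = struct.unpack_from("<IHHHH", data, 32)
    flags, hdr_crc = struct.unpack_from("<II", data, 120)
    if hdr_crc != zlib.crc32(data[:120]):
        raise ValueError("file header checksum mismatch")
    if (hdr_size, major, block_size) != (128, 3, FILE_HEADER_BLOCK):
        raise ValueError(f"unexpected header fields: size={hdr_size} major={major} block={block_size}")
    # Caveat: on a dirty file (flags & 1) the chunk count and next record id can lag
    # what is on disk; production parsers scan for ElfChnk signatures instead.
    chunks = []
    for i in range(n_chunks):
        off = FILE_HEADER_BLOCK + i * CHUNK_SIZE
        chunk = data[off:off + CHUNK_SIZE]
        if len(chunk) != CHUNK_SIZE or chunk[:8] != CHUNK_SIG:
            raise ValueError(f"chunk {i}: truncated or bad signature")
        _c_hdr_size, _last_rec_off, free_off, rec_crc = struct.unpack_from("<IIII", chunk, 40)
        c_crc = struct.unpack_from("<I", chunk, 124)[0]
        if c_crc != zlib.crc32(chunk[:120] + chunk[128:512]):
            raise ValueError(f"chunk {i}: header checksum mismatch")
        if not CHUNK_DATA_START <= free_off <= CHUNK_SIZE:
            raise ValueError(f"chunk {i}: free space offset {free_off} out of range")
        if rec_crc != zlib.crc32(chunk[CHUNK_DATA_START:free_off]):
            raise ValueError(f"chunk {i}: event records checksum mismatch")
        records, pos = [], CHUNK_DATA_START
        while pos < free_off:
            if chunk[pos:pos + 4] != RECORD_SIG:
                raise ValueError(f"chunk {i}: bad record signature at {pos}")
            size, rec_id, ft = struct.unpack_from("<IQQ", chunk, pos + 4)
            if size < 28 or pos + size > free_off:
                raise ValueError(f"chunk {i}: record {rec_id} size {size} out of bounds")
            if struct.unpack_from("<I", chunk, pos + size - 4)[0] != size:
                raise ValueError(f"chunk {i}: record {rec_id} trailing size mismatch")
            records.append({"id": rec_id, "time": filetime_to_datetime(ft),
                            "binxml": bytes(chunk[pos + 24:pos + size - 4])})
            pos += size
        chunks.append({"offset": off, "records": records})
    return {"dirty": bool(flags & 1), "full": bool(flags & 2),
            "version": (major, minor), "next_record_id": next_rec_id, "chunks": chunks}


if __name__ == "__main__":
    summary = parse_evtx(build_sample_evtx())
    for c in summary["chunks"]:
        for r in c["records"]:
            print(f"chunk@{c['offset']} record {r['id']} {r['time'].isoformat()} {len(r['binxml'])} bytes BinXml")
```

The columns a viewer shows (EventID, Provider, Computer, the EventData fields) live inside the BinXml blob this walker hands back, so a real tool needs a BinXml decoder on top; the point here is the integrity checks underneath it. Note the dirty flag: a log copied from a live system is routinely dirty, and a parser that trusts the header's chunk count on such a file will miss the chunks appended since the header was last flushed.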
The easiest installation is from the pre-built packages on the Releases page.
To build from source, make sure you have the Tauri prerequisites installed (including [Rust](https://rustup.rs)).
I build with Deno, so I recommend doing the same. To build packages for your platform, run the following in the root of this cloned repo:
```
deno task tauri build
```
- Install the application
- Open a .evtx file, or several at once with Ctrl-click (or Command-click on Mac).
- Use filters, click on columns for sorting, and flag interesting items.
There is a known bug in Tauri on Linux (where it renders with WebKitGTK) that produces a blank white screen on launch. The fix is to set the WEBKIT_DISABLE_DMABUF_RENDERER environment variable before starting the application:
```
export WEBKIT_DISABLE_DMABUF_RENDERER=1
```
This project is created with the support of UCLA Health. Many thanks for the freedom to build this program for all!