drop evtx csv · detect record ID sequence gaps indicating selective event deletion · identify missing event ranges · score tampering probability · surface what was removed · runs locally
evtx csv
drop evtx csv (multi-file)
or click
record-id gaps · 1–10 suspicious · 11–100 bulk · 100+ critical · cross-channel correlation
drop evtx csv exports (any channel)