drop evtx csv · detect artificially injected events · identify events with anomalous record IDs · surface timestamp inconsistencies indicating fabricated log entries · runs locally
drop evtx csv (multi-file)
record id ordering · time written divergence · provider mismatch · impossible sequences