Event Log Explorer Viewer user guide

25.2. Open Files with Forensic Edition

 
Event Log Explorer Forensic Edition provides more features to work with EVTX files.
The standard menu item File->Open Log File still works, but we recommend using the Forensics->Forensic Open File menu command.
The Add, Remove and Clear buttons let you select the event log file(s) to open.
File access method - Standard access method - Event Log Explorer will open files using Windows API. This is the recommended file access method. With it, Event Log Explorer Forensic Edition works the same way as the Standard Edition does.
File access method - Direct access method - Event Log Explorer will open files without using Windows API. This lets you open damaged EVTX files. Use this option if the Standard method fails.
Note: If you have a damaged EVT file, you should try the standard command: File->Open Log File - damaged EVT files can be opened even in the Standard Edition.
Multiple files open - open each file in separate views - If you add several EVTX files to the list, Event Log Explorer will open each file in a new log view.
Multiple files open - merge all files in one view - Event Log Explorer will merge all files into one view.
Get event description, task and user names, text parameters from - Default location - Event Log Explorer will render event description and other event details based on the locally installed components.
Get event description, task and user names, text parameters from - Imaged computer - Event Log Explorer will render event description and other event details using the components installed on the imaged computer.
Check log files for deleted events - Event Log Explorer will try to detect whether the event log files were forged by removing events. This option may not work when you open files using the Direct method.
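
One heuristic for spotting removed events, shown as an added example rather than Event Log Explorer's own detection method (which this guide does not describe): read the chunk headers straight from the file, with no Windows API involved, and report gaps in the event record identifiers between chunks. The field offsets follow the publicly documented EVTX layout; the function names and the sample file are constructed for illustration.

```python
import struct

FILE_HEADER_SIZE = 4096          # EVTX file header block
CHUNK_SIZE = 65536               # every EVTX chunk is 64 KiB
FILE_MAGIC = b"ElfFile\x00"
CHUNK_MAGIC = b"ElfChnk\x00"

def chunk_ranges(data):
    """Return sorted (first_id, last_id, chunk_index) read from each chunk header."""
    if data[:8] != FILE_MAGIC:
        raise ValueError("not an EVTX file")
    ranges = []
    for off in range(FILE_HEADER_SIZE, len(data), CHUNK_SIZE):
        # Unused, damaged or truncated chunks are skipped rather than aborting.
        if data[off:off + 8] != CHUNK_MAGIC or off + 40 > len(data):
            continue
        # Offsets 24 and 32: first / last event record identifier (uint64 LE).
        first_id, last_id = struct.unpack_from("<QQ", data, off + 24)
        ranges.append((first_id, last_id, (off - FILE_HEADER_SIZE) // CHUNK_SIZE))
    return sorted(ranges)  # wrapped logs store chunks out of order

def record_id_gaps(data):
    """Return (missing_from, missing_to) ranges between consecutive chunks."""
    ranges = chunk_ranges(data)
    gaps = []
    for (_, prev_last, _), (next_first, _, _) in zip(ranges, ranges[1:]):
        if next_first > prev_last + 1:
            gaps.append((prev_last + 1, next_first - 1))
    return gaps

def build_sample(id_ranges):
    """Constructed input: a file header plus empty chunks with the given ID ranges."""
    blob = bytearray(FILE_MAGIC.ljust(FILE_HEADER_SIZE, b"\x00"))
    for first_id, last_id in id_ranges:
        chunk = bytearray(CHUNK_SIZE)
        chunk[0:8] = CHUNK_MAGIC
        struct.pack_into("<QQ", chunk, 24, first_id, last_id)
        blob += chunk
    return bytes(blob)

if __name__ == "__main__":
    sample = build_sample([(1, 100), (101, 180), (200, 250)])  # constructed data
    for lo, hi in record_id_gaps(sample):
        print(f"record IDs {lo}-{hi} missing between chunks")
```

A reported gap is a lead to investigate rather than proof of tampering, and missing records inside a single chunk are only visible by parsing the individual records.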