{"success":true,"data":{"ext":"evtx","name":"Windows Vista event log file","description":"Windows Vista event log file (EVTX) is a Windows event logging format developed and maintained by Microsoft for the Windows operating system. It is used to store system, security, application, and audit events for review in Event Viewer and related administrative tools. Event log files are generally safe to open, but they may contain sensitive operational data, and older logs are sometimes used in forensic and incident response investigations.","mime":[],"risk_level":"Safe","signatures":[{"hex":"45 6C 66 46 69 6C 65","offset":0,"sources":[{"name":"Wikipedia","url":"https://en.wikipedia.org/wiki/List_of_file_signatures"}]},{"hex":"45 6C 66 46 69 6C 65 00","offset":0,"sources":[{"name":"Gary Kessler","url":"https://www.garykessler.net/library/file_sigs_GCK_latest.html"}]}],"related":[],"usage":{"python":"def is_evtx(file_path: str) -> bool:\n    \"\"\"Check if file is a valid EVTX by magic bytes.\"\"\"\n    signature = bytes([0x45, 0x6C, 0x66, 0x46, 0x69, 0x6C, 0x65])\n    with open(file_path, \"rb\") as f:\n        return f.read(7) == signature","node":"function isEVTX(buffer: Buffer): boolean {\n  const signature = Buffer.from([0x45, 0x6C, 0x66, 0x46, 0x69, 0x6C, 0x65]);\n  return buffer.subarray(0, 7).equals(signature);\n}","go":"func IsEVTX(data []byte) bool {\n    signature := []byte{0x45, 0x6C, 0x66, 0x46, 0x69, 0x6C, 0x65}\n    if len(data) < 7 {\n        return false\n    }\n    return bytes.Equal(data[:7], signature)\n}"}}}