Windows Forensics MCP Server

evtx_search

Search Windows Event Logs (EVTX files) to filter events by time, Event ID, keywords, or provider for forensic analysis.

Search events from EVTX file. Filter by time, Event ID, keywords, provider.

TableJSON Schema

Name	Required	Description
`evtx_path`	Yes
`event_ids`	No
`start_time`	No	ISO format datetime
`end_time`	No
`contains`	No
`not_contains`	No
`provider`	No
`limit`	No

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/x746b/winforensics-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server