diff --git a/pkgs/tools/security/evtx/default.nix b/pkgs/tools/security/evtx/default.nix
new file mode 100644
index 00000000000..51f706598fa
--- /dev/null
+++ b/pkgs/tools/security/evtx/default.nix
@@ -0,0 +1,31 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, rustPlatform
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "evtx";
+  version = "0.7.2";
+
+  src = fetchFromGitHub {
+    owner = "omerbenamram";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-T165PZhjuX5tUENZoO6x1u2MpMQTfv9dGRmxyNY2ACg=";
+  };
+
+  cargoSha256 = "sha256-qcjJoXB0DV1Z5bhGrtyJzfWqE+tVWBOYMJEd+MWFcD8=";
+
+  postPatch = ''
+    # CLI tests will fail in the sandbox
+    rm tests/test_cli_interactive.rs
+  '';
+
+  meta = with lib; {
+    description = "Parser for the Windows XML Event Log (EVTX) format";
+    homepage = "https://github.com/omerbenamram/evtx";
+    license = with licenses; [ asl20 /* or */ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8f432f8e438..26343ec331b 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5376,6 +5376,8 @@ with pkgs;
 
   evil-winrm = callPackage ../tools/security/evil-winrm { };
 
+  evtx = callPackage ../tools/security/evtx { };
+
   luckybackup = libsForQt5.callPackage ../tools/backup/luckybackup {
     ssh = openssh;
   };