How is an EVT file structured and what key fields must be updated when deleting a log entry?
An EVT file consists of a file header, a chain of event records, an end-of-file (EOF) record, and trailing empty values after the EOF record. When deleting a single log entry you must update five fields in the file header (first record offset, end-of-file record offset, last record number, first record number, maximum file size) and the four fields in the end-of-file record that mirror the first four of those (first record offset, end-of-file record offset, last record number, first record number). The header and the EOF record carry the same values in a file Windows has written, so any disagreement between them, or a gap in the record-number sequence, indicates either corruption or tampering. The original Windows Event Viewer Log (EVT) Single Log Deletion (Part 1) – Deletion Approach and Examples details the exact byte offsets for each field.
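The following Python is an added example, not code from the cited article. It builds a small EVT file from constructed records, parses the header, record chain and EOF record using the documented ELF_LOGFILE_HEADER / EVENTLOGEOF / EVENTLOGRECORD layouts, deletes one record while recomputing the five header fields and four EOF fields named above, and then runs the consistency check a reviewer would apply. Three choices are assumptions of this example rather than the article's method: the log is assumed not to have wrapped (first record offset below the EOF offset), records after the deleted one are renumbered so the sequence stays contiguous, and the removed bytes are replaced by zero fill at the end so the file size is unchanged.

```python
import struct

# Layouts follow the documented ELF_LOGFILE_HEADER / EVENTLOGEOF / EVENTLOGRECORD structures.
LFLE = 0x654C664C                 # 'LfLe' signature in the file header and in every record
HDR = struct.Struct('<12I')       # file header: 12 DWORDs, 0x30 bytes
EOFREC = struct.Struct('<10I')    # end-of-file record: 10 DWORDs, 0x28 bytes
EOF_MAGIC = (0x11111111, 0x22222222, 0x33333333, 0x44444444)
REC_FIXED = 0x38                  # fixed part of an event record before the variable data


def build_record(recnum, event_id, source, computer, strings, when=0x5F000000):
    """Construct one EVENTLOGRECORD; all values here are sample data made up for the example."""
    body = source.encode('utf-16-le') + b'\0\0' + computer.encode('utf-16-le') + b'\0\0'
    string_off = REC_FIXED + len(body)
    for s in strings:
        body += s.encode('utf-16-le') + b'\0\0'
    data_off = REC_FIXED + len(body)                  # no SID and no binary data in these records
    body += b'\0' * ((-(REC_FIXED + len(body) + 4)) % 4)   # pad to a DWORD boundary
    length = REC_FIXED + len(body) + 4                # +4 for the trailing copy of Length
    fixed = struct.pack('<6I4H6I', length, LFLE, recnum, when, when, event_id,
                        4, len(strings), 0, 0,        # EventType=4 (information), NumStrings, Category, flags
                        0, string_off, 0, 0, 0, data_off)
    return fixed + body + struct.pack('<I', length)


def build_evt(records, max_size=0x10000):
    """Header + records + EOF record, then zero fill up to max_size (the 'trailing empty values')."""
    body = b''.join(records)
    first = struct.unpack_from('<I', records[0], 8)[0]
    last = struct.unpack_from('<I', records[-1], 8)[0]
    start, end = HDR.size, HDR.size + len(body)
    # CurrentRecordNumber is the number the next written record gets, i.e. last record number + 1.
    header = HDR.pack(HDR.size, LFLE, 1, 1, start, end, last + 1, first, max_size, 0, 0, HDR.size)
    eof = EOFREC.pack(EOFREC.size, *EOF_MAGIC, start, end, last + 1, first, EOFREC.size)
    blob = header + body + eof
    return blob + b'\0' * (max_size - len(blob))


def parse_evt(data):
    """Return (header fields, record list, EOF fields). Assumes the log has not wrapped around."""
    h = HDR.unpack_from(data, 0)
    if h[0] != HDR.size or h[1] != LFLE:
        raise ValueError('not an EVT file header')
    hdr = dict(start=h[4], end=h[5], current=h[6], oldest=h[7], max_size=h[8])
    recs, off = [], hdr['start']
    while off < hdr['end']:
        length, sig, num = struct.unpack_from('<III', data, off)
        if sig != LFLE or length < REC_FIXED + 4:
            raise ValueError(f'bad record at {off:#x}')
        recs.append(dict(offset=off, length=length, number=num))
        off += length
    e = EOFREC.unpack_from(data, hdr['end'])
    if e[0] != EOFREC.size or e[1:5] != EOF_MAGIC:
        raise ValueError('EOF record not found at EndOffset')
    return hdr, recs, dict(start=e[5], end=e[6], current=e[7], oldest=e[8])


def delete_record(data, number, update_eof=True):
    """Remove one record, renumber the following ones, and rewrite the header (and EOF) fields.
    update_eof=False leaves the EOF record stale to show what a sloppy deletion looks like."""
    hdr, recs, _ = parse_evt(data)
    victim = next((r for r in recs if r['number'] == number), None)
    if victim is None:
        raise ValueError(f'record {number} not present')
    out = bytearray(data[:victim['offset']] + data[victim['offset'] + victim['length']:])
    out += b'\0' * victim['length']                   # keep the file size unchanged
    for r in recs:                                    # shift and renumber records after the victim
        if r['offset'] > victim['offset']:
            struct.pack_into('<I', out, r['offset'] - victim['length'] + 8, r['number'] - 1)
    remaining = sorted(n if n < number else n - 1 for n in
                       (r['number'] for r in recs if r['number'] != number))
    oldest = remaining[0] if remaining else hdr['oldest']
    current = remaining[-1] + 1 if remaining else hdr['oldest']
    end = hdr['end'] - victim['length']
    # Five header fields: StartOffset, EndOffset, CurrentRecordNumber, OldestRecordNumber, MaxSize.
    struct.pack_into('<5I', out, 16, hdr['start'], end, current, oldest, hdr['max_size'])
    if update_eof:    # the four mirrored fields: BeginRecord, EndRecord, Current, Oldest
        struct.pack_into('<4I', out, end + 20, hdr['start'], end, current, oldest)
    return bytes(out)


def check_consistency(data):
    """Findings a forensic reviewer would flag; an empty list means header, records and EOF agree."""
    hdr, recs, eof = parse_evt(data)
    findings = []
    for key in ('start', 'end', 'current', 'oldest'):
        if hdr[key] != eof[key]:
            findings.append(f'header/EOF mismatch on {key}: {hdr[key]:#x} vs {eof[key]:#x}')
    nums = [r['number'] for r in recs]
    if recs and nums[0] != hdr['oldest']:
        findings.append(f'first record is {nums[0]}, header says {hdr["oldest"]}')
    if recs and nums[-1] + 1 != hdr['current']:
        findings.append(f'last record is {nums[-1]}, header expects next number {hdr["current"]}')
    findings += [f'record number gap between {a} and {b}' for a, b in zip(nums, nums[1:]) if b != a + 1]
    return findings


if __name__ == '__main__':
    evt = build_evt([build_record(n, 4624, 'Security', 'WS01', [f'user{n}']) for n in (1, 2, 3)])
    print('clean deletion:', check_consistency(delete_record(evt, 2)))
    print('stale EOF record:', check_consistency(delete_record(evt, 2, update_eof=False)))
```

The stale-EOF case is the one that matters for the question: after the record bytes are removed, the EOF record has physically moved, so the file still parses, but its end-of-file offset and last record number no longer match the header, which is exactly what the four mirrored fields must be rewritten to hide.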
EVT file structure, file header, event record, end-of-file record, deletion approach, record number