Windows Event Logs

Windows has produced event logs of system and application activity since the Windows NT line introduced the Event Log service, and the logging has evolved considerably since, improving in both coverage and structure. Windows logs have nevertheless always been rather cryptic and little understood. To make matters worse, Windows has historically shipped with most of its built-in audit policy disabled, so events an examiner expects to find were often never written in the first place. As a result, many people believe that Windows logging is not occurring, or that what is logged does not make much sense, and the wealth of information available in the logs has not been fully leveraged by the computer forensics community.

Kinds of Information Available in Event Logs

Even though Windows auditing is not enabled by default, ...
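Before relying on an event log as evidence, a practitioner wants to know two things the text above raises: whether auditing was actually enabled for the events of interest, and what the logs on the machine in fact contain. The following PowerShell script is an added example written for this page; it is not code from the study guide or from the EnCase product. It assumes it is run in an elevated PowerShell on a live Windows system (the Security log and auditpol both require administrator rights), an English-locale auditpol output (the "No Auditing" string is localized), and it uses the well-known logon event 4624 purely as a sample of pulling named fields out of an event's XML payload.

```powershell
# Added example (not from the study guide): check which audit subcategories are
# actually enabled, then sample what the Security and System logs contain.
# Assumptions: elevated PowerShell, English-locale auditpol output.

# 1. Effective audit policy. auditpol prints "No Auditing" for subcategories
#    that are off, which is the usual reason an expected event never appears.
$auditLines = auditpol /get /category:* 2>$null
$disabled = $auditLines | Where-Object { $_ -match '^\s{2,}\S.*No Auditing\s*$' }
"Subcategories with no auditing: $($disabled.Count)"
$disabled | ForEach-Object { $_.Trim() }

# 2. Which logs exist and how full they are. A log whose RecordCount has reached
#    its size limit has already wrapped and may have overwritten the period of interest.
Get-WinEvent -ListLog Application, Security, System -ErrorAction SilentlyContinue |
    Select-Object LogName, RecordCount, FileSize, MaximumSizeInBytes, IsLogFull

# 3. Which event IDs dominate the Security log over the last 24 hours.
#    This quickly shows whether logon, object-access or policy-change auditing is producing anything.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $since } -ErrorAction SilentlyContinue |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count

# 4. Pull the named fields of one event type out of its XML so they can be tabulated.
#    Event ID 4624 (successful logon) is the sample here; substitute any ID and its field names.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -MaxEvents 5 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = $d['TargetUserName']
            Domain    = $d['TargetDomainName']
            LogonType = $d['LogonType']
            Source    = $d['IpAddress']
        }
    }
```

The first step is the one most often skipped: if the relevant subcategory reports "No Auditing", the absence of an event proves nothing about whether the activity occurred. On an offline image the same Get-WinEvent calls work against exported .evtx files by replacing `LogName` with `Path` in the filter hashtable, but the audit policy must then be recovered from the registry or the Group Policy artefacts rather than from auditpol.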

Source: EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition.