Chapter 12

Windows Event Logs

As you saw in the previous chapter, some of the services found on Windows systems record their activities in plain-text log files. However, as you will see in this chapter, many of the logs on Windows systems are recorded not in plain text but rather in a proprietary binary format. You must view these logs using special tools in order to interpret the data they contain. Despite the proprietary nature of their storage, logs can reveal incredible amounts of information about the activities that occur on a Windows system and will often contain the best evidence available in a network investigation.

In this chapter you will learn to:

  • Explain how Windows event logs are stored
  • Use Event Viewer to save, open, and examine ...
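Because the logs are stored in a binary format, they are examined with tooling that understands it rather than with a text editor. The following PowerShell session is an added example, not code from the book: it saves a copy of the live Security log and then reads logon events (Event ID 4624) back out of that saved file with Get-WinEvent. The evidence path and the address range treated as "internal" are assumptions for illustration; the field names (TargetUserName, LogonType, IpAddress, WorkstationName) are the ones Windows records in the EventData of a 4624 event.

```powershell
# Added example (not from the book). Export the live Security log to an
# .evtx file and parse logon events (ID 4624) from that saved copy.
# The evidence path and the 10.* "internal" range are assumptions.
$Saved = 'C:\Evidence\Security.evtx'

# wevtutil epl copies the binary log as-is; reading the Security log
# requires an elevated prompt.
wevtutil epl Security $Saved

# Get-WinEvent reads the .evtx directly. Supplying Path inside the hashtable
# filters on ID before records are materialised, which matters on large logs.
$Events = Get-WinEvent -FilterHashtable @{ Path = $Saved; Id = 4624 } `
                       -ErrorAction SilentlyContinue
if (-not $Events) { Write-Warning "No 4624 events in $Saved"; return }

# The per-event fields live in EventData and are only reachable through
# the record's XML rendering, so convert each record and index the Data
# elements by their Name attribute.
$Logons = foreach ($e in $Events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        LogonType   = $d['LogonType']
        SourceIP    = $d['IpAddress']
        Workstation = $d['WorkstationName']
    }
}

# Logon type 3 is a network logon and type 10 is RemoteInteractive (RDP).
# Remote logons from outside the expected range are the first thing to review.
$Logons |
    Where-Object { $_.LogonType -in '3','10' -and $_.SourceIP -notlike '10.*' } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Working from the saved file rather than the live log keeps the original evidence untouched and lets the same parsing run on logs collected from other hosts; the saved .evtx can also be opened in Event Viewer with "Open Saved Log" to cross-check what the script reports.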
