Chapter 12: Windows Event Logs

Explain how Windows event logs are stored. Event log files are natively stored in a binary format, in files with an .evtx or .evt extension. By default, these log files live in the %SystemRoot%\System32\Logfiles folder on Windows Vista and later, or in the %SystemRoot%\System32\config folder on earlier versions. There are three default event logs on Windows systems: Application, Security, and System. The Security log is arguably the most important to investigators, since it stores data related to system and object access.
Master It Explain how the event logs differ from the text logs discussed in Chapter 11.
Solution Since event logs are stored as binary data instead of plain text, they require special software to interpret them. ...
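As an added illustration of the binary storage described above (example code, not from the book): a small Python reader for the 128-byte file header that opens every .evtx file. The offsets and flag values follow the publicly documented EVTX layout; the sample header is constructed in the script rather than taken from a real log.

```python
import struct
import zlib

# Every .evtx file opens with a 128-byte file header inside a 4096-byte block.
# Offsets below follow the publicly documented EVTX layout (little-endian).
EVTX_FILE_MAGIC = b"ElfFile\x00"
HEADER_SIZE = 128
HEADER_BLOCK_SIZE = 4096
FLAG_DIRTY = 0x1   # log was not cleanly closed; chunks may be newer than the header
FLAG_FULL = 0x2    # log has reached its configured maximum size

def is_evtx(data: bytes) -> bool:
    """Cheap signature check: a text log never starts with the EVTX magic."""
    return data[:8] == EVTX_FILE_MAGIC

def parse_evtx_file_header(data: bytes) -> dict:
    """Decode the file header and verify its CRC32 (covers the first 120 bytes)."""
    if len(data) < HEADER_SIZE:
        raise ValueError("need at least 128 bytes for the EVTX file header")
    if not is_evtx(data):
        raise ValueError(f"not an EVTX file, magic is {data[:8]!r}")
    (first_chunk, last_chunk, next_record_id, header_size,
     minor, major, block_size, chunk_count) = struct.unpack_from("<QQQIHHHH", data, 8)
    flags, stored_crc = struct.unpack_from("<II", data, 120)
    computed_crc = zlib.crc32(data[:120]) & 0xFFFFFFFF
    return {
        "first_chunk": first_chunk,
        "last_chunk": last_chunk,
        "next_record_id": next_record_id,   # next EventRecordID the log would assign
        "header_size": header_size,
        "version": f"{major}.{minor}",
        "header_block_size": block_size,
        "chunk_count": chunk_count,
        "dirty": bool(flags & FLAG_DIRTY),
        "full": bool(flags & FLAG_FULL),
        "checksum_ok": stored_crc == computed_crc,
    }

def build_sample_header(first_chunk=0, last_chunk=2, next_record_id=4242,
                        chunk_count=3, flags=FLAG_DIRTY) -> bytes:
    """Constructed sample (not a real log): a valid header block for offline testing."""
    body = EVTX_FILE_MAGIC + struct.pack("<QQQIHHHH", first_chunk, last_chunk,
                                          next_record_id, HEADER_SIZE, 1, 3,
                                          HEADER_BLOCK_SIZE, chunk_count)
    body += b"\x00" * (120 - len(body))          # reserved/undocumented bytes
    crc = zlib.crc32(body) & 0xFFFFFFFF
    block = body + struct.pack("<II", flags, crc)
    return block + b"\x00" * (HEADER_BLOCK_SIZE - len(block))
```

A failed checksum or a set dirty flag is worth noting in an examination: it means the header may lag behind the chunk data, so record counts should be taken from the chunks rather than the header alone.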

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.