Chapter 8. Event Log Analysis

In this chapter, we will learn about Event Logs in Microsoft Windows operating systems. We will discuss why it is important to cover issues related to event logs for a successful investigation, and we will consider how event logs differ between MS Windows versions.

Event Logs - an introduction

While an operating system runs, a large number of events take place in the system. The range of these events is very wide, and most of them can be recorded by the system. To record events, Windows provides a powerful mechanism called Event Logging. It is a standard, centralized facility that the operating system and applications use to record important information originating from software and hardware. An event can be ...
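As an added example that is not part of the book's text, the PowerShell session below shows an investigator's first look at this centralized facility: which log channels exist and hold records on the host, what a recent event from one channel looks like, and how the same cmdlet reads an exported log file offline. The file path is a placeholder; everything else uses only standard `Get-WinEvent` parameters.

```powershell
# Added example (not from the book). Run in an elevated PowerShell session on
# Windows; channels such as Security require administrator rights to read.

# 1. Enumerate the log channels on this host that actually contain records,
#    largest first. LogMode shows whether the channel overwrites old events
#    (Circular) or stops logging when full (Retain), which matters for
#    deciding how far back evidence may survive.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount, LogMode, FileSize -First 10

# 2. Pull the last day of events from the System channel and show the fields
#    an investigator relies on: timestamp, event ID, the provider (the OS
#    component or application that wrote the record), severity and message.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } -MaxEvents 20 |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message

# 3. Read an exported .evtx file offline. The path is a placeholder for a
#    log file collected from the machine under investigation; the record
#    format is the same as for a live channel, so the same fields apply.
Get-WinEvent -Path 'C:\cases\CASE-ID\System.evtx' -MaxEvents 5 |
    Format-List TimeCreated, Id, ProviderName, Message
```

Step 1 is worth running before anything else: a channel with a small maximum size and Circular mode may already have overwritten the period of interest, and a channel with zero records may indicate it was cleared or never enabled.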
