As you saw in the previous chapter, some of the services found on Windows systems record their activities in plain-text log files. However, as you will see in this chapter, many of the logs on Windows systems are recorded not in plain text but rather in a proprietary binary format. You must view these logs using special tools in order to interpret the data they contain. Despite the proprietary nature of their storage, logs can reveal incredible amounts of information about the activities that occur on a Windows system and will often contain the best evidence available in a network investigation.
In this chapter you will learn to: