
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Chapter 15

Forensic Analysis of Event Logs

In this chapter, we will look at the internal structure of the Windows event log files and compare the logs of the Windows XP era with those of the Windows Vista era and beyond. We will look at how to recover log files from unallocated space after an intruder has deleted them. Because few network intruders pass up the chance to clear the event logs, a network examiner must be able to recover event log data.

In addition, we will look at how to repair corrupted Windows XP/2003 event log files so that they can be examined with viewing tools that rely on the Windows API (Event Viewer, Log Parser, Event Analyst, and others). In this chapter, you will learn to:
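The two tasks just described, carving XP/2003-era records out of raw bytes and repairing a dirty .evt header so API-based viewers will open it, rest on the same on-disk structures (ELF_LOGFILE_HEADER, EVENTLOGRECORD and the floating footer ELF_EOF_RECORD, as laid out in winnt.h). The script below is an added example written for this page, not code from the book or from Microsoft; the log records it builds (the Security source, computer name WS01, and the strings attached to event IDs 517 and 528) are constructed sample data, and the header values it starts from are deliberately stale to imitate a log copied from a live system. It covers only the .evt format; Vista and later .evtx files have a different layout and are not handled here.

```python
import struct

# Layout constants from the Windows XP/2003 event log format (winnt.h: ELF_LOGFILE_HEADER,
# EVENTLOGRECORD, ELF_EOF_RECORD). Field order and sizes are fixed by Windows.
LFLE = b"LfLe"                            # signature in the header and in every record
HEADER_FMT = "<12I"                       # ELF_LOGFILE_HEADER, 48 (0x30) bytes
EOF_FMT = "<I16sIIIII"                    # ELF_EOF_RECORD (floating footer), 40 (0x28) bytes
EOF_MAGIC = bytes.fromhex("11111111222222223333333344444444")
RECORD_FIXED_FMT = "<IIIIIIHHHHIIIIII"    # fixed 56-byte prefix of EVENTLOGRECORD
RECORD_FIXED_LEN = struct.calcsize(RECORD_FIXED_FMT)
HEADER_DIRTY = 0x1                        # ELF_LOGFILE_HEADER_DIRTY flag bit


def build_record(number, event_id, source, computer, strings, ts=0x5A000000):
    """Serialize one EVENTLOGRECORD (no SID, no binary data). Sample data only."""
    names = source.encode("utf-16-le") + b"\0\0" + computer.encode("utf-16-le") + b"\0\0"
    strs = b"".join(s.encode("utf-16-le") + b"\0\0" for s in strings)
    string_offset = RECORD_FIXED_LEN + len(names)
    data_offset = string_offset + len(strs)
    pad = (-(data_offset + 4)) % 4        # records are DWORD aligned; trailing Length closes them
    length = data_offset + pad + 4
    fixed = struct.pack(RECORD_FIXED_FMT, length, 0x654C664C, number, ts, ts, event_id,
                        4, len(strings), 0, 0, 0, string_offset, 0, string_offset, 0, data_offset)
    return fixed + names + strs + b"\0" * pad + struct.pack("<I", length)


def parse_record(buf, off):
    """Return the record starting at buf[off] as a dict, or None if nothing valid is there."""
    if off < 0 or off + RECORD_FIXED_LEN > len(buf) or buf[off + 4:off + 8] != LFLE:
        return None
    f = struct.unpack_from(RECORD_FIXED_FMT, buf, off)
    length, num_strings, string_offset = f[0], f[7], f[11]
    if length < RECORD_FIXED_LEN + 4 or off + length > len(buf):
        return None
    if struct.unpack_from("<I", buf, off + length - 4)[0] != length:  # trailing Length must match
        return None
    if not RECORD_FIXED_LEN <= string_offset <= length - 4:
        return None
    names = buf[off + RECORD_FIXED_LEN:off + string_offset].decode("utf-16-le", "ignore")
    source, computer = (names.split("\0") + ["", ""])[:2]
    strs = buf[off + string_offset:off + length - 4].decode("utf-16-le", "ignore")
    return {"number": f[2], "event_id": f[5] & 0xFFFF, "source": source, "computer": computer,
            "strings": strs.split("\0")[:num_strings], "length": length}


def carve_records(blob):
    """Scan arbitrary bytes (e.g. unallocated clusters) for intact EVENTLOGRECORD structures."""
    found, pos = [], 0
    while (idx := blob.find(LFLE, pos)) != -1:
        rec = parse_record(blob, idx - 4)  # Length sits 4 bytes before the signature
        if rec:
            found.append(rec)
            pos = idx - 4 + rec["length"]
        else:
            pos = idx + 1
    return found


def build_dirty_log(records):
    """Assemble an .evt whose header is stale and flagged dirty, as a log copied from a live
    system looks; the floating footer at the end carries the current offsets and numbers."""
    body = b"".join(records)
    start, end, oldest, current = 0x30, 0x30 + len(body), 1, len(records) + 1
    header = struct.pack(HEADER_FMT, 0x30, 0x654C664C, 1, 1, 0x30, 0x30, 1, 0,
                         0x80000, HEADER_DIRTY, 0, 0x30)
    footer = struct.pack(EOF_FMT, 0x28, EOF_MAGIC, start, end, current, oldest, 0x28)
    return header + body + footer


def header_fields(log):
    h = struct.unpack_from(HEADER_FMT, log, 0)
    return {"start_offset": h[4], "end_offset": h[5], "current_record": h[6],
            "oldest_record": h[7], "flags": h[9]}


def repair_header(log):
    """Copy the floating footer's offsets and record numbers into the header and clear the
    dirty flag, which is what API-based viewers need before they will open the file."""
    if len(log) < 0x30 or log[:4] != b"\x30\0\0\0" or log[4:8] != LFLE:
        raise ValueError("not an XP/2003 .evt header")
    idx = log.find(struct.pack("<I", 0x28) + EOF_MAGIC)
    if idx < 0:
        raise ValueError("floating footer (ELF_EOF_RECORD) not found")
    _, _, begin, end, current, oldest, _ = struct.unpack_from(EOF_FMT, log, idx)
    hdr = list(struct.unpack_from(HEADER_FMT, log, 0))
    hdr[4:8] = [begin, end, current, oldest]
    hdr[9] &= ~HEADER_DIRTY
    return struct.pack(HEADER_FMT, *hdr) + log[0x30:]


# Constructed sample records: 517 (audit log cleared) and 528 (successful logon) on XP/2003.
SAMPLE_RECORDS = [
    build_record(1, 517, "Security", "WS01", ["Administrator", "WS01"]),
    build_record(2, 528, "Security", "WS01", ["jsmith", "WS01", "(0x0,0x3E7)", "2"]),
]

if __name__ == "__main__":
    dirty = build_dirty_log(SAMPLE_RECORDS)
    print("before:", header_fields(dirty))
    print("after: ", header_fields(repair_header(dirty)))
    junk = b"\xff" * 100 + SAMPLE_RECORDS[1] + b"\0" * 37 + SAMPLE_RECORDS[0]
    for rec in carve_records(junk):
        print(rec["number"], rec["event_id"], rec["source"], rec["strings"])
```

The carver validates a hit three ways before accepting it: the signature must be preceded by a plausible Length, the same Length must close the record, and the string offset must fall inside it. That is what keeps a stray "LfLe" in slack space from producing a phantom record. The repair step changes nothing but the 48-byte header, so run it on a working copy and hash the original first.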

  • Understand the ...
