Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Chapter 12: Windows Event Logs

Explain how Windows event logs are stored. Event log files are natively stored in a binary format, in files with an .evtx or .evt extension. By default, these log files are stored in the %SystemRoot%\System32\Logfiles folder on Windows Vista and later, or in the %SystemRoot%\System32\config folder on earlier versions. There are three default event logs on Windows systems: Application, Security, and System. The Security log is arguably the most important to investigators, since it stores data related to system and object access.
Master It Explain how the event logs differ from the text logs discussed in Chapter 11.
Solution Since event logs are stored as binary data instead of plain text, they require special software to interpret them. ...
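The solution's point that .evtx files are binary and need special software to interpret is easiest to see by looking at the raw file header. The following is an added example, not code from the book or its authors: a small Python parser that checks the "ElfFile" signature, unpacks the header fields, verifies the header CRC32, and locates the 64 KiB "ElfChnk" chunks that follow. The field offsets follow the publicly documented EVTX file-header layout (as described by the libevtx project); the flag bit values are assumed from that documentation, and the sample file image is constructed in the script rather than taken from a real system.

```python
"""Parse the binary .evtx file header and verify its integrity.

Added example (not from the book). Offsets follow the publicly documented
EVTX file-header layout (as described by the libevtx project); the sample
bytes produced by build_sample_evtx() are constructed here, not captured
from a real system.
"""
import struct
import zlib

EVTX_FILE_MAGIC = b"ElfFile\x00"    # signature at offset 0 of every .evtx file
EVTX_CHUNK_MAGIC = b"ElfChnk\x00"   # signature at the start of each 64 KiB chunk
FILE_HEADER_SIZE = 128              # size of the file header structure
HEADER_BLOCK_SIZE = 4096            # the header occupies the whole first 4 KiB block
CHUNK_SIZE = 65536                  # chunks follow the header block, 64 KiB each
CHECKSUM_COVERAGE = 120             # header CRC32 covers bytes 0..119
FLAG_DIRTY = 0x0001                 # log not cleanly closed (bit values assumed per format docs)
FLAG_FULL = 0x0002                  # log has reached its maximum size


def parse_evtx_file_header(data: bytes) -> dict:
    """Return the file header fields and whether the stored CRC32 matches."""
    if len(data) < FILE_HEADER_SIZE:
        raise ValueError("buffer shorter than an EVTX file header")
    if data[:8] != EVTX_FILE_MAGIC:
        raise ValueError(f"not an EVTX file: signature {data[:8]!r}")
    # Little-endian fields that immediately follow the 8-byte signature.
    (first_chunk, last_chunk, next_record_id, header_size,
     minor, major, block_size, chunk_count) = struct.unpack_from("<QQQIHHHH", data, 8)
    # Flags and checksum sit after 76 reserved bytes, at 0x78 and 0x7C.
    flags, stored_crc = struct.unpack_from("<II", data, 0x78)
    computed_crc = zlib.crc32(data[:CHECKSUM_COVERAGE]) & 0xFFFFFFFF
    return {
        "first_chunk": first_chunk,
        "last_chunk": last_chunk,
        "next_record_id": next_record_id,
        "header_size": header_size,
        "version": f"{major}.{minor}",
        "block_size": block_size,
        "chunk_count": chunk_count,
        "dirty": bool(flags & FLAG_DIRTY),
        "full": bool(flags & FLAG_FULL),
        "checksum_ok": stored_crc == computed_crc,
    }


def locate_chunks(data: bytes) -> list:
    """Return the byte offset of every chunk that carries the ElfChnk signature."""
    offsets = []
    pos = HEADER_BLOCK_SIZE
    while pos + 8 <= len(data):
        if data[pos:pos + 8] == EVTX_CHUNK_MAGIC:
            offsets.append(pos)
        pos += CHUNK_SIZE
    return offsets


def build_sample_evtx(chunk_count: int = 2, next_record_id: int = 42, flags: int = 0) -> bytes:
    """Construct a minimal, well-formed .evtx image for demonstration only."""
    body = EVTX_FILE_MAGIC + struct.pack(
        "<QQQIHHHH", 0, chunk_count - 1, next_record_id,
        FILE_HEADER_SIZE, 1, 3, HEADER_BLOCK_SIZE, chunk_count)
    body += b"\x00" * 76                        # reserved bytes up to offset 0x78
    assert len(body) == CHECKSUM_COVERAGE       # CRC covers exactly these 120 bytes
    crc = zlib.crc32(body) & 0xFFFFFFFF
    header = body + struct.pack("<II", flags, crc)
    header += b"\x00" * (HEADER_BLOCK_SIZE - len(header))   # pad to the 4 KiB block
    chunks = b"".join(
        EVTX_CHUNK_MAGIC + b"\x00" * (CHUNK_SIZE - 8) for _ in range(chunk_count))
    return header + chunks


if __name__ == "__main__":
    image = build_sample_evtx()
    print(parse_evtx_file_header(image))
    print("chunks at", locate_chunks(image))
    # Flip a byte inside the checksummed region: the stored CRC no longer matches.
    tampered = bytearray(image)
    tampered[0x18] ^= 0xFF
    print("tampered checksum_ok:", parse_evtx_file_header(bytes(tampered))["checksum_ok"])
```

Running this against a real log (read the file in binary mode and pass the bytes) shows why a text editor is useless here: the only human-readable part is the signature, and a mismatched header checksum or a set dirty flag is an early sign that the log was not closed cleanly or has been altered since it was written, which is worth noting before relying on its records.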