Understanding the Event Logs

Microsoft refers to the logs created by the Windows operating system as event logs. In Microsoft parlance, these logs record the various events that occur on a Windows system: the operating system audits those events and writes them to the log files. Each audited event is written to one of three primary event log files: Application, System, and Security. In appearance, there are two main differences between the event logs of pre-Vista operating systems and those of Vista and later. The first is the file extension, and the second is the location of the files. In Windows Vista and beyond, the event log files carry the .evtx extension and are located in the %System32%\winevt\Logs ...
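As an added illustration (not the book's own code), the following PowerShell snippet inventories the three primary logs on a Vista-or-later host and confirms that each backing file has the .evtx extension and sits in the default winevt\Logs directory, which is a quick sanity check before collecting the files in an investigation. It assumes the standard cmdlet `Get-WinEvent` and resolves the directory from `$env:SystemRoot`.

```powershell
# Added example (not from the book): inventory the Application, System and
# Security logs and verify where their .evtx files actually live.
$primaryLogs = 'Application', 'System', 'Security'
$expectedDir = Join-Path $env:SystemRoot 'System32\winevt\Logs'

foreach ($name in $primaryLogs) {
    $log = Get-WinEvent -ListLog $name -ErrorAction Stop

    # LogFilePath is stored with an environment variable in it, e.g.
    # %SystemRoot%\System32\winevt\Logs\Application.evtx, so expand it first.
    $path = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)

    [PSCustomObject]@{
        Log              = $name
        Enabled          = $log.IsEnabled
        Records          = $log.RecordCount
        SizeMB           = [math]::Round($log.FileSize / 1MB, 2)
        Path             = $path
        IsEvtx           = ([IO.Path]::GetExtension($path) -ieq '.evtx')
        InDefaultFolder  = ([IO.Path]::GetDirectoryName($path) -ieq $expectedDir)
    }
}
```

Reading the Security log's metadata requires an elevated session; a log whose `InDefaultFolder` value is false has been relocated through its configuration and should be noted and collected from the reported path.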
