Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Understanding the Event Logs

Microsoft refers to the logs created by the Windows operating system as event logs. In Microsoft parlance, these logs record the various events that occur on a Windows system: the operating system audits these events and records them in the log files. The events that are audited get written to one of three primary event log files: Application, System, and Security. In appearance, there are two main differences between the event logs found in pre-Vista operating systems and those found in post-Vista operating systems. The first is the file extension, and the second is the location of the files. In Windows Vista and beyond, the file extension of the event logs is .evtx and the files are located in the %System32%\winevt\Logs ...
