
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Searching with Event Viewer

Despite the default security audit settings, once auditing is enabled the event logs can rapidly fill. Most of this information will be the record of normal user behavior that is of no investigative interest at all. Learning to wade through event logs quickly and efficiently is a vital skill for any Windows network investigator. In this section we will share some tips on using the Filter and Find features of Event Viewer to perform similar searches.

The Filter feature allows you to remove a lot of the clutter from the event log display. Filtering does not modify the event log in any way, but it does change what parts of the log Event Viewer will show you. Filters can be set, reset, or changed any number of times without ...
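As an added illustration (not from the book), the same kind of filter the Event Viewer dialog builds can be written as an XML query and pasted into the XML tab of "Filter Current Log", or fed to PowerShell as below; the event IDs 4624/4625 (logon success/failure), the 24-hour window and the SYSTEM suppression are assumed example choices, not values from the excerpt.

```powershell
# Example only: an Event Viewer style XML filter for the Security log.
# Filtering is a view over the log; nothing here modifies or deletes events.
[xml]$query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <!-- keep only logon success (4624) / failure (4625) from the last 24 h -->
    <Select Path="Security">
      *[System[(EventID=4624 or EventID=4625)
        and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
    <!-- drop the noise: logons where the target account is SYSTEM -->
    <Suppress Path="Security">
      *[EventData[Data[@Name='TargetUserName']='SYSTEM']]
    </Suppress>
  </Query>
</QueryList>
"@

# Record count before applying the filter (requires an elevated prompt for Security)
$before = (Get-WinEvent -ListLog Security).RecordCount

# Apply the filter and show a compact view of the matching events
Get-WinEvent -FilterXml $query -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName |
    Format-Table -AutoSize

# The log itself is untouched: the record count is unchanged
$after = (Get-WinEvent -ListLog Security).RecordCount
"Records in Security log before: $before, after: $after"
```

The `timediff` function and the `Suppress` element are the same constructs Event Viewer writes when you choose "Edit query manually", so a query tested here can be reused in the GUI.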
