The Bottom Line
Explain how Windows event logs are stored.
Event log files are natively stored in a binary format. On Windows Vista and later they are .evtx files kept by default in the %SystemRoot%\System32\winevt\Logs folder; on earlier versions (Windows XP and Server 2003) they are .evt files in the %SystemRoot%\System32\config folder. There are three default event logs on Windows systems: Application, Security, and System (Vista and later add Setup, Forwarded Events, and the Applications and Services logs, but these three remain the core). The Security log is arguably the most important to investigators since it stores data related to system and object access.
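As an added illustration of what "binary format" means for .evtx files (this is example code, not from the book): the parser below reads the EVTX container layout that is publicly documented for the format, namely the 4 KiB file header, the 64 KiB chunks that follow it, and the record headers inside each chunk, and checks the CRC32 integrity fields an investigator would want to verify before trusting a copied log. The sample file it reads is constructed inline and is not a real log; the binary XML payload of each record is left undecoded.

```python
"""Added example: minimal reader for the EVTX container format.

The sample input is constructed by build_sample() (not a real log). Layout
follows the publicly documented EVTX format: 4 KiB file header, 64 KiB chunks,
records headed by "**\0\0". Binary XML inside records is not decoded here.
"""
import struct
import zlib
from datetime import datetime, timedelta, timezone

FILE_MAGIC = b"ElfFile\x00"
CHUNK_MAGIC = b"ElfChnk\x00"
RECORD_MAGIC = b"\x2a\x2a\x00\x00"     # "**\0\0"
HEADER_BLOCK = 4096                   # file header occupies the first 4 KiB
CHUNK_SIZE = 65536                    # every chunk is 64 KiB
FLAG_DIRTY, FLAG_FULL = 0x1, 0x2      # file header flags
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME = 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    td = dt - EPOCH   # integer arithmetic: float seconds would lose precision
    return (td.days * 86400 + td.seconds) * 10_000_000 + td.microseconds * 10


def parse_file_header(data):
    if data[:8] != FILE_MAGIC:
        raise ValueError("not an EVTX file: bad signature")
    first_chunk, last_chunk, next_id = struct.unpack_from("<QQQ", data, 8)
    _hdr_size, minor, major, _block, chunk_count = struct.unpack_from("<IHHHH", data, 32)
    flags, crc = struct.unpack_from("<II", data, 120)
    return {
        "first_chunk": first_chunk, "last_chunk": last_chunk,
        "next_record_id": next_id, "version": (major, minor),
        "chunk_count": chunk_count,
        "dirty": bool(flags & FLAG_DIRTY),  # not closed cleanly: header counts may lag
        "full": bool(flags & FLAG_FULL),
        "checksum_ok": zlib.crc32(data[:120]) == crc,  # CRC32 of the first 120 bytes
    }


def parse_chunk(chunk):
    """Walk one 64 KiB chunk: validate both CRCs, then read record headers."""
    if chunk[:8] != CHUNK_MAGIC:
        return None                          # unused/zeroed chunk slot
    _nums = struct.unpack_from("<QQQQ", chunk, 8)  # first/last record number and id
    _hdr_size, _last_off, free_off, rec_crc = struct.unpack_from("<IIII", chunk, 40)
    _flags, hdr_crc = struct.unpack_from("<II", chunk, 120)
    records, off = [], 512                   # records start after the 512-byte header
    while off + 24 <= free_off and chunk[off:off + 4] == RECORD_MAGIC:
        size, rec_id, ft = struct.unpack_from("<IQQ", chunk, off + 4)
        if size < 28 or off + size > free_off:
            break                            # truncated or corrupt record
        if struct.unpack_from("<I", chunk, off + size - 4)[0] != size:
            break                            # trailing size copy must match the header
        records.append({"id": rec_id, "written": filetime_to_datetime(ft),
                        "binxml": chunk[off + 24:off + size - 4]})
        off += size
    return {
        "record_ids": (_nums[2], _nums[3]),
        # header CRC covers bytes 0-119 plus the string/template tables at 128-511
        "header_checksum_ok": zlib.crc32(chunk[:120] + chunk[128:512]) == hdr_crc,
        "records_checksum_ok": zlib.crc32(chunk[512:free_off]) == rec_crc,
        "records": records,
    }


def parse_evtx(data):
    header = parse_file_header(data)
    chunks = []
    for i in range(header["chunk_count"]):
        start = HEADER_BLOCK + i * CHUNK_SIZE
        parsed = parse_chunk(data[start:start + CHUNK_SIZE])
        if parsed:
            chunks.append(parsed)
    return {"header": header, "chunks": chunks}


# --- constructed sample file (hypothetical records, not from a real system) ---
def _record(rec_id, written, payload):
    size = 24 + len(payload) + 4
    return (RECORD_MAGIC + struct.pack("<IQQ", size, rec_id, datetime_to_filetime(written))
            + payload + struct.pack("<I", size))


def _chunk(records, first_id):
    body = b"".join(records)
    last_id = first_id + len(records) - 1
    hdr = bytearray(512)
    hdr[:8] = CHUNK_MAGIC
    struct.pack_into("<QQQQ", hdr, 8, first_id, last_id, first_id, last_id)
    struct.pack_into("<IIII", hdr, 40, 128, 512 + len(body) - len(records[-1]),
                     512 + len(body), zlib.crc32(body))
    struct.pack_into("<I", hdr, 124, zlib.crc32(bytes(hdr[:120]) + bytes(hdr[128:512])))
    chunk = bytes(hdr) + body
    return chunk + b"\x00" * (CHUNK_SIZE - len(chunk))


def build_sample(dirty=False):
    t0 = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
    recs = [_record(1, t0, b"<binxml placeholder 1>"),
            _record(2, t0 + timedelta(seconds=30), b"<binxml placeholder 2>")]
    hdr = bytearray(HEADER_BLOCK)
    hdr[:8] = FILE_MAGIC
    struct.pack_into("<QQQ", hdr, 8, 0, 0, 3)            # chunks 0..0, next record id 3
    struct.pack_into("<IHHHH", hdr, 32, 128, 1, 3, HEADER_BLOCK, 1)
    struct.pack_into("<I", hdr, 120, FLAG_DIRTY if dirty else 0)
    struct.pack_into("<I", hdr, 124, zlib.crc32(bytes(hdr[:120])))
    return bytes(hdr) + _chunk(recs, 1)


if __name__ == "__main__":
    info = parse_evtx(build_sample())
    print(info["header"])
    for rec in info["chunks"][0]["records"]:
        print(rec["id"], rec["written"].isoformat())
```

To use it on a real file, pass the file's bytes to parse_evtx(). A file acquired from a running system will normally have the dirty flag set and header counts that lag the chunk contents, so the chunk-level CRCs and the record walk, not the file header alone, are what tell you whether the copy is intact.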
Master It Explain how the event logs differ from the text logs discussed in Chapter 11.
Use Event Viewer to save, open, and examine event log files. Event Viewer can save logs in their binary (.evtx/.evt) format, as comma-separated ...