
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


The Bottom Line

Explain how Windows event logs are stored. Event log files are natively stored in a binary format in files with an .evtx extension (Windows Vista and later) or an .evt extension (earlier versions). By default, these log files live in the %SystemRoot%\System32\winevt\Logs folder on Windows Vista and later, and in the %SystemRoot%\System32\config folder on earlier versions of Windows. There are three default event logs on Windows systems: Application, Security, and System. The Security log is arguably the most important to investigators, since it stores data related to logon activity and system and object access.
Master It Explain how the event logs differ from the text logs discussed in Chapter 11.
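Because the logs are binary rather than text, an investigator working on a copied file (rather than through Event Viewer on the live box) first needs to confirm which format it is and whether it was captured cleanly. The following Python snippet is an added example for this chapter, not code from the book: it identifies an .evtx versus a legacy .evt file from its header signature, parses the .evtx file header according to the published EVTX layout (signature "ElfFile", version, chunk count, flags, and a CRC32 over the first 120 bytes), and flags a "dirty" file, which means the log was still open when it was copied. The sample header bytes are constructed inline; the function and field names are this example's own.

```python
import struct
import zlib

# Format signatures (published EVTX/EVT file header layout).
EVTX_SIGNATURE = b"ElfFile\x00"   # .evtx: first 8 bytes of the file
EVT_SIGNATURE = b"LfLe"           # .evt:  4 bytes at offset 4, after a 0x30 header size
EVTX_FLAG_DIRTY = 0x0001          # file was not cleanly closed (copied from a live log)
EVTX_FLAG_FULL = 0x0002           # log had reached its configured maximum size


def detect_log_format(data: bytes) -> str:
    """Classify a file by its on-disk signature, ignoring the file extension."""
    if data[:8] == EVTX_SIGNATURE:
        return "evtx"
    if len(data) >= 8 and data[4:8] == EVT_SIGNATURE and data[:4] == b"\x30\x00\x00\x00":
        return "evt"
    return "unknown"


def parse_evtx_header(data: bytes) -> dict:
    """Parse the 128-byte EVTX file header and verify its CRC32."""
    if len(data) < 128:
        raise ValueError("file too short to hold an EVTX header")
    if data[:8] != EVTX_SIGNATURE:
        raise ValueError("not an EVTX file (bad signature)")
    # Offsets 8..43: three 64-bit counters, then header size, versions,
    # header block size and chunk count (all little-endian).
    (first_chunk, last_chunk, next_record, header_size,
     minor, major, block_size, chunk_count) = struct.unpack_from("<QQQIHHHH", data, 8)
    # Offsets 120..127: file flags and a CRC32 covering bytes 0..119.
    flags, checksum = struct.unpack_from("<II", data, 120)
    checksum_ok = (zlib.crc32(data[:120]) & 0xFFFFFFFF) == checksum
    return {
        "first_chunk": first_chunk,
        "last_chunk": last_chunk,
        "next_record_id": next_record,
        "header_size": header_size,
        "major_version": major,
        "minor_version": minor,
        "block_size": block_size,
        "chunk_count": chunk_count,
        "dirty": bool(flags & EVTX_FLAG_DIRTY),
        "full": bool(flags & EVTX_FLAG_FULL),
        "checksum_ok": checksum_ok,
    }


def build_sample_evtx_header(chunk_count: int = 2, next_record: int = 150,
                             flags: int = 0) -> bytes:
    """Construct a well-formed header for testing (constructed data, not a real log)."""
    body = (EVTX_SIGNATURE
            + struct.pack("<QQQIHHHH", 0, chunk_count - 1, next_record,
                          128, 1, 3, 4096, chunk_count)
            + b"\x00" * 76)          # reserved area, zero in practice
    assert len(body) == 120
    checksum = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<II", flags, checksum)


if __name__ == "__main__":
    sample = build_sample_evtx_header(flags=EVTX_FLAG_DIRTY)
    print(detect_log_format(sample), parse_evtx_header(sample))
```

A dirty flag or a failed checksum does not make the file worthless, but it tells you the copy was taken from a live log and that the last chunk may be incomplete; note it in your working notes before relying on record counts. The same signature check is a quick way to tell a renamed legacy .evt file apart from a true .evtx file regardless of what extension it carries.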
Use Event Viewer to save, open, and examine event log files. Event Viewer can save logs in their binary (.evtx/.evt) format, as comma-separated ...
