Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Examining System Log Entries

While much of the log analysis relevant to network investigation takes place in the Security log, the System log also contains many items of evidentiary interest. It records events relating to many facets of system behavior: changes to the operating system, hardware configuration, device driver installation, the starting and stopping of services, and a host of other items of potential investigative interest.

Messages associated with the starting and stopping of services by the Service Control Manager are perhaps among the more significant events found in this log. Whenever a service is stopped, the Service Control Manager sends a stop signal to the service ...
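One way to pull the Service Control Manager records described above out of a System log and lay them out as a timeline, as an added example that is not from the book. The `$EvtxPath` parameter and the seven-day default window are assumptions made for illustration; point `$EvtxPath` at a working copy of an exported log, or leave it empty to read the live System log.

```powershell
# Added example (not from the book): timeline of Service Control Manager
# events in a System log.
# Assumption: $EvtxPath is a hypothetical path to an exported System.evtx;
# leave it empty to query the live System log on the local machine.
param(
    [string]   $EvtxPath = '',
    [datetime] $Start    = (Get-Date).AddDays(-7),
    [datetime] $End      = (Get-Date)
)

# Select by event source rather than by event ID so that every record the
# Service Control Manager wrote in the window is returned.
$filter = @{
    ProviderName = 'Service Control Manager'
    StartTime    = $Start
    EndTime      = $End
}
if ($EvtxPath) { $filter['Path'] = $EvtxPath } else { $filter['LogName'] = 'System' }

try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
        Sort-Object TimeCreated)
}
catch {
    # Get-WinEvent raises an error when nothing matches (and on access
    # problems); report the reason and continue with an empty result.
    Write-Warning "No Service Control Manager events returned: $($_.Exception.Message)"
    $events = @()
}

# Chronological view: when, which event ID, on which host, and the rendered text.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName, MachineName, RecordId, Message |
    Format-Table -AutoSize -Wrap

# Count per event ID to see which kinds of service activity dominate the window.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count

# One-line summary of the span covered, suitable for case notes.
if ($events.Count -gt 0) {
    '{0} events between {1:u} and {2:u}' -f `
        $events.Count, $events[0].TimeCreated, $events[-1].TimeCreated
}
```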