
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Examining Application Log Entries

The Application event log contains messages from both the operating system and various programs, and programs of all sorts can write to it. A user can also use a Microsoft program called logevent.exe to send custom messages, typically when batch files are run. By default, this program writes its messages to the Application log under Event ID 1 unless another Event ID is specified. You'll find that many programs send messages to Event ID 1 as well, making it a catchall Event ID number.
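Because Event ID 1 is shared by many sources, an examiner has to separate those records by the source that wrote them rather than by ID. The following PowerShell function is an added example, not code from the book; the function name `Get-EventIdOneSummary` and the evidence path in the usage comment are hypothetical.

```powershell
# Added example: summarise Application log records for one Event ID by source.
function Get-EventIdOneSummary {
    [CmdletBinding()]
    param(
        # Optional exported .evtx file; when omitted, the live Application log is read.
        [string]$Path,
        [int]$Id = 1
    )

    # Build the filter for either an exported file or the live log.
    $filter = @{ Id = $Id }
    if ($Path) { $filter.Path = $Path } else { $filter.LogName = 'Application' }

    # Get-WinEvent raises an error when nothing matches, so suppress it and return nothing.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) { return }

    $events | Group-Object ProviderName | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        $first  = $sorted[0]

        # On an analysis machine that lacks the source's message files, Message is
        # empty; fall back to the raw insertion strings stored in the record.
        $text = $first.Message
        if ([string]::IsNullOrEmpty($text)) {
            $text = ($first.Properties | ForEach-Object { $_.Value }) -join ' | '
        }

        [pscustomobject]@{
            Source = $_.Name
            Count  = $_.Count
            First  = $first.TimeCreated
            Last   = $sorted[-1].TimeCreated
            Sample = $text
        }
    } | Sort-Object Count -Descending
}

# Usage (path is a placeholder for an exported copy of the log):
# Get-EventIdOneSummary -Path 'C:\evidence\Application.evtx' | Format-Table -AutoSize
```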

Many utilities send messages to the Application log, especially antivirus and other system-protection programs. These security programs send messages relating to their scanning activities, the discovery ...
