Windows Event Log Files Internals

By understanding the internal construction of the Windows event log files, you’ll be able to locate them in free spaces of the drive when they’ve been cleared by an intruder. You’ll also gain the knowledge necessary to repair them when they are reported as corrupt as well as reconstruct and repair them once you have located them in free spaces. In short, you must have this set of skills if you are going to effectively work with Windows event logs.

Windows Vista/7/2008 Event Logs

As we mentioned in Chapter 12, “Windows Event Logs,” the event log format changed starting with Windows Vista. Microsoft moved from a binary-based file to an Extensible Markup Language (XML)-based file for several reasons that are not ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Windows Network Forensics and Investigation, 2nd Edition by

Windows Event Log Files Internals

Windows Vista/7/2008 Event Logs

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly