
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Windows Event Log Files Internals

By understanding the internal construction of the Windows event log files, you’ll be able to locate them in the free space of a drive after an intruder has cleared them. You’ll also gain the knowledge needed to repair logs that are reported as corrupt, and to reconstruct and repair the copies you recover from free space. In short, you must have this set of skills if you are going to work effectively with Windows event logs.

Windows Vista/7/2008 Event Logs

As we mentioned in Chapter 12, “Windows Event Logs,” the event log format changed starting with Windows Vista. Microsoft moved from a binary-based file to an Extensible Markup Language (XML)-based file for several reasons that are not ...
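The recovery-from-free-space task described above, as an added example that is not from the book: a carver that finds EVTX chunk signatures in raw bytes and validates each chunk header's CRC32 before trusting it. The `ElfChnk` signature, 64 KiB chunk size and field offsets are assumptions taken from the publicly documented Vista+ EVTX layout, not from this page.

```python
import struct
import zlib

# Signatures and field offsets are assumed from the public EVTX (Vista+) layout,
# not taken from the book excerpt above.
CHUNK_MAGIC = b"ElfChnk\x00"   # marks each 64 KiB chunk; "ElfFile\x00" marks the file header
CHUNK_SIZE = 0x10000            # event records begin at chunk offset 512


def chunk_header_crc(chunk: bytes) -> int:
    """CRC32 stored at chunk offset 124: covers bytes 0-119 and 128-511."""
    return zlib.crc32(chunk[:120] + chunk[128:512]) & 0xFFFFFFFF


def parse_chunk_header(chunk: bytes) -> dict:
    """Decode the fixed chunk header and report whether its checksum verifies."""
    first_num, last_num, first_id, last_id = struct.unpack_from("<4Q", chunk, 8)
    hdr_size, last_off, free_off = struct.unpack_from("<3I", chunk, 40)
    stored_crc = struct.unpack_from("<I", chunk, 124)[0]
    return {
        "first_record_number": first_num, "last_record_number": last_num,
        "first_record_id": first_id, "last_record_id": last_id,
        "header_size": hdr_size, "last_record_offset": last_off,
        "free_space_offset": free_off,
        "checksum_ok": stored_crc == chunk_header_crc(chunk),
    }


def carve_chunks(data: bytes) -> list:
    """Locate ElfChnk blocks anywhere in raw bytes (e.g. unallocated space),
    even when the owning ElfFile header is gone. Returns (offset, header) pairs;
    a signature too close to the end to hold a whole chunk is skipped."""
    hits, pos = [], data.find(CHUNK_MAGIC)
    while pos != -1:
        chunk = data[pos:pos + CHUNK_SIZE]
        if len(chunk) == CHUNK_SIZE:
            hits.append((pos, parse_chunk_header(chunk)))
        pos = data.find(CHUNK_MAGIC, pos + 1)
    return hits


def build_sample_chunk(first_id: int, last_id: int) -> bytes:
    """Constructed sample: a header-only chunk with a valid checksum."""
    buf = bytearray(CHUNK_SIZE)
    buf[0:8] = CHUNK_MAGIC
    struct.pack_into("<4Q", buf, 8, first_id, last_id, first_id, last_id)
    struct.pack_into("<3I", buf, 40, 128, 512, 512)  # header size, last record, free space
    struct.pack_into("<I", buf, 124, chunk_header_crc(bytes(buf)))
    return bytes(buf)
```

A chunk whose checksum fails is a candidate for the manual reconstruction the chapter goes on to describe rather than something to parse as-is.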
