Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

The Bottom Line

Understand the internal structures of the Windows XP/2003 event log so that a log reported as “corrupted” can be repaired and then viewed and analyzed by tools that rely on the Windows event log API. The Windows XP/2003 event log file consists of three distinct object types: one header, one floating footer, and multiple records. Each object type carries its own fixed signature (a magic value), so each can be located in the raw file independently of the offsets stored in the header.
Master It You have located the Windows event log files in a network case. For a variety of reasons, another investigator wishes to view them in a very sophisticated log-analysis program that is based on the Windows event log service API. When you attempt to open them in Windows Event Viewer, they ...
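The following Python script is an added example, not code from the book or its authors. It locates each of the three object types by its signature, walks the records, lists the inconsistencies that make the API reject a file, and writes a repaired copy of the header. Field layouts follow Microsoft's documented ELF_LOGFILE_HEADER, ELF_EOF_RECORD and EVENTLOGRECORD structures; the sample log, its record contents and the host name WS01 are constructed inline for the demonstration and come from no real system.

```python
"""Locate header, records and floating footer of an XP/2003 .evt by signature,
report why the API would call it corrupt, and repair the header.
Added example; layouts per ELF_LOGFILE_HEADER / ELF_EOF_RECORD / EVENTLOGRECORD."""
import struct

HEADER_FMT = "<I4s10I"                      # ELF_LOGFILE_HEADER, 0x30 bytes
HEADER_SIZE = struct.calcsize(HEADER_FMT)
EOF_FMT = "<10I"                            # ELF_EOF_RECORD (floating footer), 0x28 bytes
EOF_SIZE = struct.calcsize(EOF_FMT)
RECORD_FMT = "<I4sIIIIHHHHIIIIII"           # fixed part of EVENTLOGRECORD, 0x38 bytes
RECORD_FIXED = struct.calcsize(RECORD_FMT)
SIGNATURE = b"LfLe"                         # header (offset 4) and every record (offset 4)
FOOTER_MAGIC = bytes.fromhex("11111111222222223333333344444444")
DIRTY_FLAG = 0x0001                         # ELF_LOGFILE_HEADER_DIRTY in the Flags field
HEADER_FIELDS = ("size", "signature", "major", "minor", "start", "end",
                 "current", "oldest", "max_size", "flags", "retention", "end_size")


def read_utf16z(data, off):
    """Return the NUL-terminated UTF-16LE string at off and the offset after it."""
    end = off
    while data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[off:end].decode("utf-16-le"), end + 2


def build_record(number, event_id, event_type, source, computer, strings):
    """Serialise one EVENTLOGRECORD (no SID, no binary data); Length appears at both ends."""
    body = source.encode("utf-16-le") + b"\x00\x00" + computer.encode("utf-16-le") + b"\x00\x00"
    body += b"\x00" * (-len(body) % 4)       # strings/SID/data are DWORD aligned
    string_off = RECORD_FIXED + len(body)
    for s in strings:
        body += s.encode("utf-16-le") + b"\x00\x00"
    body += b"\x00" * (-len(body) % 4)
    length = RECORD_FIXED + len(body) + 4
    fixed = struct.pack(RECORD_FMT, length, SIGNATURE, number, 1_100_000_000, 1_100_000_000,
                        event_id, event_type, len(strings), 0, 0, 0, string_off, 0, string_off,
                        0, length - 4)
    return fixed + body + struct.pack("<I", length)


def build_log(dirty):
    """Constructed sample (not real evidence): two Security records and a footer.
    With dirty=True the header is left as an unclean shutdown leaves it: dirty flag set,
    EndOffset and CurrentRecordNumber stale (still describing the log after record 1)."""
    recs = [build_record(1, 528, 8, "Security", "WS01", ["alice", "WS01", "2"]),
            build_record(2, 529, 16, "Security", "WS01", ["bob", "WS01", "7"])]
    start, body = HEADER_SIZE, b"".join(recs)
    end = start + len(body)                  # the footer sits right after the last record
    footer = struct.pack(EOF_FMT, EOF_SIZE, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                         start, end, 3, 1, EOF_SIZE)
    hdr = (start, start + len(recs[0]), 2, 1, 0x80000, DIRTY_FLAG) if dirty \
        else (start, end, 3, 1, 0x80000, 0)
    header = struct.pack(HEADER_FMT, HEADER_SIZE, SIGNATURE, 1, 1, *hdr, 604800, HEADER_SIZE)
    return header + body + footer


def parse_header(data):
    h = dict(zip(HEADER_FIELDS, struct.unpack_from(HEADER_FMT, data, 0)))
    if h["size"] != HEADER_SIZE or h["signature"] != SIGNATURE or h["end_size"] != HEADER_SIZE:
        raise ValueError("no ELF_LOGFILE_HEADER at offset 0")
    return h


def find_footer(data):
    """Find the floating footer by its 16-byte magic, never via header offsets:
    a dirty header's offsets are exactly the values that cannot be trusted."""
    pos = data.find(FOOTER_MAGIC)
    if pos < 4:
        raise ValueError("ELF_EOF_RECORD signature not found")
    off = pos - 4                            # RecordSizeBeginning precedes the magic
    f = struct.unpack_from(EOF_FMT, data, off)
    if f[0] != EOF_SIZE or f[9] != EOF_SIZE:
        raise ValueError("footer size fields damaged")
    return off, {"begin": f[5], "end": f[6], "current": f[7], "oldest": f[8]}


def walk_records(data, start, stop):
    """Walk records from start to stop, checking the LfLe signature and that the
    Length fields at both ends of each record agree. Stops at the first bad record."""
    out, off = [], start
    while off + RECORD_FIXED <= stop:
        length, sig, number, _, _, event_id, event_type, _ = \
            struct.unpack_from("<I4sIIIIHH", data, off)
        if sig != SIGNATURE or length < RECORD_FIXED + 4 or off + length > stop:
            break
        if struct.unpack_from("<I", data, off + length - 4)[0] != length:
            break
        source, nxt = read_utf16z(data, off + RECORD_FIXED)
        computer, _ = read_utf16z(data, nxt)
        out.append({"offset": off, "number": number, "event_id": event_id & 0xFFFF,
                    "type": event_type, "source": source, "computer": computer})
        off += length
    return out


def check(data):
    """Return the header/footer inconsistencies that make the API call the file corrupt."""
    h, (foff, ft) = parse_header(data), find_footer(data)
    problems = []
    if h["flags"] & DIRTY_FLAG:
        problems.append("dirty flag set in header")
    if h["end"] != foff or ft["end"] != foff:
        problems.append("EndOffset header %#x / footer %#x != footer at %#x" % (h["end"], ft["end"], foff))
    for hk, fk in (("start", "begin"), ("current", "current"), ("oldest", "oldest")):
        if h[hk] != ft[fk]:
            problems.append("header %s %d != footer %d" % (hk, h[hk], ft[fk]))
    return problems


def repair(data):
    """Copy the footer's offsets and record numbers into the header and clear the
    dirty flag; no other byte is touched. Work on a copy, never on the evidence file."""
    h, (_, ft) = parse_header(data), find_footer(data)
    fixed = bytearray(data)
    struct.pack_into("<IIII", fixed, 16, ft["begin"], ft["end"], ft["current"], ft["oldest"])
    struct.pack_into("<I", fixed, 36, h["flags"] & ~DIRTY_FLAG)
    return bytes(fixed)


if __name__ == "__main__":
    log = build_log(dirty=True)
    print("before:", check(log))
    fixed = repair(log)
    print("after: ", check(fixed))
    for r in walk_records(fixed, parse_header(fixed)["start"], find_footer(fixed)[0]):
        print(r)
```

Two caveats a practitioner should keep in mind. First, the walk stops at the footer, so in a log that has wrapped (records continuing after the footer and around to the top of the file) the records past the footer are not listed; they are still located the same way, by the LfLe signature and matching Length fields. Second, the repair only reconciles the header with the footer; records whose leading and trailing Length disagree, or whose signature is missing, are left as found and reported by the walk stopping early.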
