NT event log: "Windows Log Forensics" - Computer Forensic Blog

Windows Log Forensics

In Issue 16 of the free (IN)SECURE magazine Rob Faber describes the design and the various features of Microsoft Windows event logging services. His article covers both, the old log of the NT family of kernels and the redesigned event logging services found in Vista and Windows Server 2008.

Posted by Andreas Schuster on April 24, 2008 04:00 PM | Permalink

Search

Deutsch

Deutschsprachige Ausgabe

Latest articles

CarvFS on a Mac
EvtxParser on Ubuntu Linux
ZISC Workshop on Digital Forensics 2010
Evtx Parser Version 1.0.5
Slides from SANS Forensics Summit
Evtx Parser Version 1.0.4
A non-empty NullType
Tutorial on File System Analysis
Evtx Parser Version 1.0.3
Test of Media Preparation Tools

Imprint

This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de

int for(ensic){blog;}

Notes on computer forensics - international edition.

Windows Log Forensics

Search

Deutsch

Categories

Latest articles

Imprint

int for(ensic){blog;}

Notes on computer forensics - international edition.

Windows Log Forensics

Search

Deutsch

Categories

Latest articles

Subscribe

Imprint