Mastering Windows Network Forensics and Investigation Chapter 12: Windows Event Logs.

Chapter Topics:
– Event Log Storage
– Using Event Viewer
– Efficient Event Log Parsing

Event Log Storage
Stored in a proprietary, binary format; not editable or viewable with a standard text editor. Files end in .evt or .evtx depending on the operating system.

Event Log Storage
Windows 2000/XP: .evt
Windows Vista and later: .evtx
Files such as:
– System.evtx
– Application.evtx
– Security.evtx

Event Log Storage
EVT-format event logs are stored in the %SystemRoot%\System32\config folder, alongside the registry hive files.
EVTX-format event logs are stored in the %SystemRoot%\System32\winevt\Logs folder.

Event Log Storage
Application Log – written to by any application.
System Log – events related to system operation and maintenance, written by Windows components such as services and drivers.
Security Log – security-related events (audit records). What is recorded here depends on the audit policy that was in force on the system, so an empty or sparse Security log may reflect policy rather than an absence of activity.
Many other log files exist from Windows Vista onward (the Applications and Services Logs under winevt\Logs), but these three are the ones of primary importance.
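The following script is an added example and is not taken from the book or its slides. It inventories and hashes the event log files found on an offline evidence volume before any parsing is done, checking both the EVTX location and the legacy EVT location described above. It assumes the image is mounted read-only as E:\ (change $Volume to match your mount point) and that the analysis host runs PowerShell 4.0 or later for Get-FileHash; the output file name is also an assumption.

```powershell
# Added example, not from the book or its slides: inventory and hash the event log
# files on an offline evidence volume before parsing. Assumptions: image mounted
# read-only as E:\, PowerShell 4.0+ on the analysis host (Get-FileHash).
param(
    [string]$Volume  = 'E:\',
    [string]$OutFile = '.\eventlog_inventory.csv'
)

$winDir = Join-Path $Volume 'Windows'

# Vista+ keeps .evtx files in System32\winevt\Logs; 2000/XP kept .evt files in
# System32\config next to the registry hives. Check both so mixed images work.
$searchPaths = @(
    (Join-Path $winDir 'System32\winevt\Logs'),
    (Join-Path $winDir 'System32\config')
)

$inventory = foreach ($dir in $searchPaths) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -Path (Join-Path $dir '*') -Include '*.evtx', '*.evt' -File |
        ForEach-Object {
            [pscustomobject]@{
                Path         = $_.FullName
                Format       = $_.Extension.TrimStart('.').ToUpper()   # EVT or EVTX
                SizeBytes    = $_.Length
                LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
                Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if (-not $inventory) {
    Write-Warning "No .evt/.evtx files found under $winDir; check the mount point."
    return
}

# Flag the three logs the chapter singles out so they sort to the top
$primary = 'Application', 'System', 'Security'
$inventory | ForEach-Object {
    $name = [IO.Path]::GetFileNameWithoutExtension($_.Path)
    $_ | Add-Member -NotePropertyName Primary -NotePropertyValue ($primary -contains $name) -PassThru
} | Sort-Object -Property @{ Expression = 'Primary'; Descending = $true }, Path |
    Tee-Object -Variable report |
    Export-Csv -NoTypeInformation -Path $OutFile

$report | Format-Table Primary, Format, SizeBytes, LastWriteUtc, Path -AutoSize
```

Hashing the files at this stage gives you a reference value to compare against after the logs have been copied to, and opened on, the analysis system; the CSV doubles as a record of which logs were present and how large they were at acquisition time.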

Event Viewer
Microsoft-provided tool for reading .evt/.evtx files. GUI-based. Menus are context-sensitive, changing according to which part of Event Viewer currently has focus. The layout differs between Windows XP and Vista+. Log files copied from an evidence system are opened with Action > Open Log File (XP) or Action > Open Saved Log (Vista+) rather than by reading the live logs of the analysis machine.

Event Viewer – Windows XP

Double clicking on a log entry brings up its properties, revealing the detailed description

Event Viewer – Windows Vista+

Double clicking on a log entry brings up its properties, revealing the detailed description

Event Log Parsing
Learning to parse event logs efficiently is vital. Focus on Event IDs, the numbers assigned to particular event types that indicate what is being recorded. Use the Filter feature to narrow the view, then use Find to search within the filtered results.

Event Log Parsing
Filter can reduce your view by event type (level), source, Event ID, user, computer, date and time range, etc. Find searches the Description field, forward or backward, for the next occurrence of a given string. Note that timestamps are displayed in the local time zone of the analysis system, not of the system that produced the log.
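The following script is an added example and is not from the book or its slides. It reproduces the Filter-then-Find workflow just described from the command line with Get-WinEvent, run against an .evtx file copied from the evidence system, and adds an Event ID frequency count as a triage step. It assumes a Windows Vista+ analysis host with PowerShell 3.0 or later; the log path, the Event IDs (4624 and 4625 are the Vista+ successful and failed logon events), the date range, the search string and the output file name are placeholders for the analyst's own criteria.

```powershell
# Added example, not from the book or its slides: Event Viewer's Filter (Event ID +
# time range) and Find (string in the Description) done with Get-WinEvent against
# a copied .evtx file. Assumptions: Vista+ / PowerShell 3.0+ analysis host; the
# path, IDs, dates and search string below are placeholders.
param(
    [string]  $LogFile  = 'E:\evidence\Security.evtx',
    [int[]]   $EventIds = @(4624, 4625),        # successful / failed logon (Vista+ IDs)
    [datetime]$Start    = '2024-01-15T00:00:00',
    [datetime]$End      = '2024-01-16T00:00:00',
    [string]  $Find     = 'Administrator',
    [string]  $OutFile  = '.\filtered_events.csv'
)

# Filter stage. Path/Id/StartTime/EndTime are applied by the event log service,
# so only matching records are materialised, which matters on multi-GB logs.
# StartTime/EndTime are interpreted in the analysis host's local time zone.
# Add Level = 2 (Error) or ProviderName = '...' to mirror the GUI's other filters.
$filter = @{
    Path      = $LogFile
    Id        = $EventIds
    StartTime = $Start
    EndTime   = $End
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning "No events matched the filter in $LogFile"
    return
}

# Triage: which Event IDs dominate the filtered set?
$events | Group-Object Id | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Find stage, equivalent to Event Viewer's Find over the Description. Message is
# rendered from the provider's message DLL; if the analysis host lacks that DLL
# (common for third-party Application log sources) Message is empty, so fall
# back to the raw EventData values exposed in Properties.
$pattern = [regex]::Escape($Find)
$hits = foreach ($e in $events) {
    $text = if ($e.Message) { $e.Message } else { ($e.Properties.Value -join ' ') }
    if ($text -match $pattern) { $e }
}

$hits |
    Select-Object TimeCreated, Id, RecordId, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Sort-Object TimeCreated |
    Tee-Object -Variable results |
    Export-Csv -NoTypeInformation -Path $OutFile

$results | Format-Table -AutoSize
"$($hits.Count) of $($events.Count) filtered events contain '$Find'"
```

RecordId is kept in the output because it is the stable identifier of a record within the log file and is what you should cite in notes; the first line of Message is only a human-readable summary. Because this reads the copied file rather than the live log, nothing on the analysis machine's own logs is touched.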

Event Log Parsing
If your analysis system is connected to the Internet, the Help and Support Center link (XP) or the Event Log Online Help link (Vista+) on the Properties page of each event entry provides additional information about most Event Log entries and their meaning. Be aware that following the link sends the event's identifying details (source and Event ID) to Microsoft from the analysis system, which may be undesirable on an isolated analysis network.

Event Log Parsing
Many other log parsers, some arguably better than Event Viewer, are available at low or no cost. If there is a large volume of logs to review, consider tools such as Splunk for initial processing.