This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
Talk:Windows Event Log (EVT)
ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? I'm not quite clear on how this information is laid out. If MSDN has this information, a link to it should be included in this page.