Talk:Windows Event Log (EVT)

From ForensicsWiki
Revision as of 13:05, 15 March 2006 by ASchuster (Talk | contribs)

Jump to: navigation, search

ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? If MSDN has this information, a link to it should be included in this page.

This information was obtained through extensive testing. As fas as I know the only information available on MSDN is the declaration of the event record. --ASchuster