Difference between revisions of "Windows Event Log (EVT)"

From ForensicsWiki
Line 1: Line 1:
Windows Event Log Files
+
MS Windows Event Log Files
 +
 
 +
 
 +
Windows typically maintains three event log files: application, system, and security.  They are generally found in C:\Windows\system32\config.
 +
 
 +
Details of .evt file format can be found in Microsoft's MSDN library under 'EVENTLOGRECORD'
 +
[http://msdn.microsoft.com/library/default.asp?url=/library/en-us/eventlog/base/eventlogrecord_str.asp EVENTLOGRECORD]
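
Review bot: the location sentence hard-codes C:\Windows\system32\config, and the system root is not C:\Windows on every installation (Windows NT and 2000 default to C:\WINNT). Suggest writing the path as %SystemRoot%\system32\config, and naming the three files next to "application, system, and security" so a reader working from a disk image knows what to look for.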

Revision as of 19:28, 13 March 2006

MS Windows Event Log Files


Windows typically maintains three event log files: application, system, and security. They are generally found in C:\Windows\system32\config.

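Details of the .evt file format can be found in Microsoft's MSDN library under 'EVENTLOGRECORD': [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/eventlog/base/eventlogrecord_str.asp EVENTLOGRECORD]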
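
The record structure referenced above can be carved out of a raw .evt file or unallocated space, as in this added example (not part of the ForensicsWiki page). The field layout follows Microsoft's EVENTLOGRECORD documentation; the function names and the sample record's host, user and values are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Fixed 56-byte part of EVENTLOGRECORD (little-endian), as laid out in
# Microsoft's documentation; the second DWORD is the signature "LfLe".
HEADER = struct.Struct("<6I4H6I")
TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "AuditSuccess", 16: "AuditFailure"}

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past it)."""
    end = pos
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_records(blob):
    """Carve event records out of raw .evt bytes by scanning for "LfLe"."""
    records, pos = [], blob.find(b"LfLe")
    while pos != -1:
        start, nxt = pos - 4, pos + 4         # Length precedes the signature
        if start >= 0 and start + HEADER.size <= len(blob):
            f = HEADER.unpack_from(blob, start)
            length, end = f[0], start + f[0]
            # Skip the 0x30-byte file header and truncated or corrupt hits:
            # a complete record repeats Length in its last four bytes.
            if (length >= HEADER.size + 4 and end <= len(blob)
                    and struct.unpack_from("<I", blob, end - 4)[0] == length):
                rec = blob[start:end]
                source, off = _wstr(rec, HEADER.size)
                computer, _ = _wstr(rec, off)
                strings, off = [], f[11]      # StringOffset
                for _ in range(f[7]):         # NumStrings
                    text, off = _wstr(rec, off)
                    strings.append(text)
                records.append({
                    "record_number": f[2],
                    "time_generated": datetime.fromtimestamp(f[3], timezone.utc),
                    "event_id": f[5] & 0xFFFF, "type": TYPES.get(f[6], hex(f[6])),
                    "source": source, "computer": computer, "strings": strings})
                nxt = end
        pos = blob.find(b"LfLe", nxt)
    return records

def build_sample():
    """Constructed record (not from a real log): one string, no SID or data."""
    names = "Security\0WKSTN01\0".encode("utf-16-le")
    body = names + "alice\0".encode("utf-16-le") + b"\0\0"  # pad to DWORD boundary
    length, soff = HEADER.size + len(body) + 4, HEADER.size + len(names)
    hdr = HEADER.pack(length, 0x654C664C, 7, 1142278080, 1142278080, 528, 8, 1, 2, 0, 0, soff, 0, soff, 0, soff)
    return hdr + body + struct.pack("<I", length)
```

Checking the trailing copy of Length is what separates complete records from stray "LfLe" hits in slack or partially overwritten logs; `parse_records(open(path, "rb").read())` applies the same logic to a file copied from an image.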