Windows Event Log (EVT)

From ForensicsWiki
Revision as of 14:29, 13 March 2006 by Mkucenski

MS Windows Event Log Files


Windows typically maintains three event log files: application, system, and security. They are generally found in C:\Windows\system32\config.


Details of the .evt file format can be found in Microsoft's MSDN library under EVENTLOGRECORD.
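
The following Python example is added here and is not from the original wiki page. It parses one record using the EVENTLOGRECORD field layout from Microsoft's documentation and carves records out of raw bytes by the `LfLe` signature; the function names and the sample record are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone
HEADER = struct.Struct("<6I4H6I")  # fixed 56-byte part of EVENTLOGRECORD
SIGNATURE = 0x654C664C             # Reserved field; b"LfLe" on disk

def _wstr(buf, pos):  # one NUL-terminated UTF-16LE string -> (text, next offset)
    end = pos
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_record(buf, off=0):
    """Parse the record starting at off; ValueError if validation fails."""
    if off < 0 or len(buf) - off < HEADER.size + 4:
        raise ValueError("truncated")
    (length, sig, number, generated, _written, event_id, etype, nstrings,
     _cat, _flags, _closing, str_off, *_rest) = HEADER.unpack_from(buf, off)
    if sig != SIGNATURE or length < HEADER.size + 4 or off + length > len(buf):
        raise ValueError("bad signature or length")
    rec = buf[off:off + length]
    if struct.unpack_from("<I", rec, length - 4)[0] != length:
        raise ValueError("trailing length differs from leading length")
    source, pos = _wstr(rec, HEADER.size)   # SourceName follows the header
    computer, _ = _wstr(rec, pos)           # then Computername
    strings, pos = [], str_off  # StringOffset is relative to record start
    for _ in range(nstrings):
        text, pos = _wstr(rec, pos)
        strings.append(text)
    return {"record": number, "event_id": event_id & 0xFFFF, "type": etype,
            "generated": datetime.fromtimestamp(generated, timezone.utc),
            "source": source, "computer": computer, "strings": strings}

def carve(buf):  # yield valid records found by scanning for the signature
    pos = buf.find(b"LfLe")
    while pos != -1:
        try:
            yield parse_record(buf, pos - 4)  # Length precedes the signature
        except ValueError:
            pass  # signature hit that is not a well-formed record
        pos = buf.find(b"LfLe", pos + 1)

def build_sample():  # constructed record; every value in it is made up
    u = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names = u("Security") + u("WORKSTATION1")
    body = names + u("jsmith") + u("WORKSTATION1")
    length = HEADER.size + len(body) + 4
    return HEADER.pack(length, SIGNATURE, 7, 1142260140, 1142260140, 528, 8, 2,
                       2, 0, 0, HEADER.size + len(names), 0, 0, 0, 0
                       ) + body + struct.pack("<I", length)
```

Checking that the length repeated at the end of a record matches the leading length is what lets `carve` reject stray `LfLe` hits in slack or unallocated data.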