Difference between revisions of "Windows Event Log (EVT)"

From Forensics Wiki
Jump to: navigation, search
Line 3: Line 3:
  
 
Windows typically maintains three event log files: application, system, and security.  They are generally found in C:\Windows\system32\config.
 
Windows typically maintains three event log files: application, system, and security.  They are generally found in C:\Windows\system32\config.
 +
  
 
Details of .evt file format can be found in Microsoft's MSDN library under 'EVENTLOGRECORD'
 
Details of .evt file format can be found in Microsoft's MSDN library under 'EVENTLOGRECORD'
 
[http://msdn.microsoft.com/library/default.asp?url=/library/en-us/eventlog/base/eventlogrecord_str.asp EVENTLOGRECORD]
 
[http://msdn.microsoft.com/library/default.asp?url=/library/en-us/eventlog/base/eventlogrecord_str.asp EVENTLOGRECORD]

Revision as of 14:29, 13 March 2006

MS Windows Event Log Files


Windows typically maintains three event log files: application, system, and security. They are generally found in C:\Windows\system32\config.


Details of .evt file format can be found in Microsoft's MSDN library under 'EVENTLOGRECORD' EVENTLOGRECORD

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Windows_Event_Log_(EVT)&oldid=2577"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox