
Difference between revisions of "Windows Event Log (EVT)"

From ForensicsWiki
 
Line 1: Line 1:
Windows Event Log Files
+
MS Windows Event Log Files
 +
 
 +
 
 +
Windows typically maintains three event log files: application, system, and security.  They are generally found in C:\Windows\system32\config.
 +
 
 +
Details of .evt file format can be found in Microsoft's MSDN library under 'EVENTLOGRECORD'
 +
[http://msdn.microsoft.com/library/default.asp?url=/library/en-us/eventlog/base/eventlogrecord_str.asp EVENTLOGRECORD]
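Review bot: the added location sentence hard-codes C:\Windows\system32\config, which only holds when Windows is installed to C:\Windows; writing it as %SystemRoot%\system32\config would cover other install locations. The last added sentence also uses 'EVENTLOGRECORD' both as the quoted term and as the link label, and has no closing period; linking the term itself would read more cleanly.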

Revision as of 19:28, 13 March 2006

MS Windows Event Log Files


Windows typically maintains three event log files: application, system, and security. They are generally found in C:\Windows\system32\config.

Details of the .evt file format can be found in Microsoft's MSDN library under EVENTLOGRECORD: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/eventlog/base/eventlogrecord_str.asp
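
An added example, not part of the original wiki page: a minimal Python parser for a single .evt record, following the field order of Microsoft's documented EVENTLOGRECORD structure and rejecting records whose lengths or offsets are inconsistent. The function names and the sample record are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Fixed 56-byte header of EVENTLOGRECORD, little-endian, in documented field order.
HEADER = struct.Struct("<6I4H6I")
SIGNATURE = 0x654C664C  # stored on disk as the bytes "LfLe"

def _wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    end = off
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    if end + 2 > len(buf):
        raise ValueError("unterminated string")
    return buf[off:end].decode("utf-16-le", "replace"), end + 2

def parse_record(buf):
    """Parse the record at the start of buf; raise ValueError if it is inconsistent."""
    if len(buf) < HEADER.size + 4:
        raise ValueError("truncated record")
    (length, sig, number, generated, _written, event_id, etype, nstrings, category,
     _flags, _closing, str_off, sid_len, sid_off, data_len, data_off) = HEADER.unpack_from(buf)
    if sig != SIGNATURE:
        raise ValueError("bad signature")
    if not HEADER.size + 4 <= length <= len(buf):
        raise ValueError("bad record length")
    if struct.unpack_from("<I", buf, length - 4)[0] != length:
        raise ValueError("trailing length does not match leading length")
    body = buf[:length - 4]
    if max(str_off, sid_off + sid_len, data_off + data_len) > len(body):
        raise ValueError("offset outside record")
    source, pos = _wstr(body, HEADER.size)   # SourceName follows the header
    computer, _ = _wstr(body, pos)           # then Computername
    strings, pos = [], str_off
    for _ in range(nstrings):
        text, pos = _wstr(body, pos)
        strings.append(text)
    return {"number": number, "event_id": event_id, "type": etype, "category": category,
            "generated": datetime.fromtimestamp(generated, timezone.utc), "source": source,
            "computer": computer, "strings": strings, "data": body[data_off:data_off + data_len]}

def sample_record():
    """Constructed record (not from a real log): one string, no SID, no data."""
    names = "ExampleSource\0EXAMPLEHOST\0".encode("utf-16-le")
    text = "service started\0".encode("utf-16-le")
    str_off = HEADER.size + len(names)
    length = str_off + len(text) + 4  # 144 bytes, already DWORD-aligned
    head = HEADER.pack(length, SIGNATURE, 1, 1142278080, 1142278080, 1000, 4, 1, 0, 0,
                       0, str_off, 0, str_off, 0, length - 4)
    return head + names + text + struct.pack("<I", length)
```

The leading and trailing length fields are compared because a mismatch is a quick indicator of a truncated or damaged record when carving .evt data.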