Recipe Difficulty: Hard

Python Version: 2.7

Operating System: Linux

Event logs, if configured appropriately, contain a wealth of information useful in any cyber investigation. These logs retain historical user activity information, such as logons, RDP access, Microsoft Office file access, system changes, and application-specific events. In this recipe, we use the pyevt and pyevtx libraries to process both legacy and current Windows event log formats.