FullEventLogView is another useful free tool from NirSoft, capable of parsing Windows 10, 8, 7, and Vista event logs. A computer forensic examiner can use it to view both event logs from a local computer and EVTX files, which can be found at %SystemRoot%WindowsSystem32winevtLogs.
Event log analysis with FullEventLogView
by Scar de Courcier, Oleg Skulkin
Windows Forensics Cookbook
- Preface
- Digital Forensics and Evidence Acquisition
- Windows Memory Acquisition and Analysis
- Windows Drive Acquisition
- Windows File System Analysis
- Windows Shadow Copies Analysis
- Windows Registry Analysis
- Main Windows Operating System Artifacts
- Introduction
- Recycle Bin content analysis with EnCase Forensic
- Recycle bin content analysis with Rifiuti2
- Recycle bin content analysis with Magnet AXIOM
- Event log analysis with FullEventLogView
- Event log analysis with Magnet AXIOM
- Event log recovery with EVTXtract
- LNK file analysis with EnCase forensic
- LNK file analysis with LECmd
- LNK file analysis with Link Parser
- Prefetch file analysis with Magnet AXIOM
- Prefetch file parsing with PECmd
- Prefetch file recovery with Windows Prefetch Carver
- Web Browser Forensics
- Email and Instant Messaging Forensics
- Windows 10 Forensics
- Data Visualization
- Troubleshooting in Windows Forensic Analysis
Event log analysis with FullEventLogView
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.