The steps for Event log analysis using Magnet AXIOM are as follows:

1. Open the case you used for the Recycle Bin forensic analysis and go to the OPERATING SYSTEM artifacts list again, but now choose Windows Event Logs, as in the following figure:

2. As you can see in the preceding figure, we have a huge number of event logs. To make your analysis easier, you can sort them. For example, we used the Created Date/Time column to sort our event logs. You can see partial results in the following figure:

Of course, you can use other columns to sort your logs, for example Event ID or Event Description Summary—it depends on the specific requirements of your case.