You already know how to export, sort and search through Windows event logs. Now it's time to learn how to recover deleted or corrupted event log artifacts. Thankfully, there is an open source tool by Willi Ballenthin that is capable of solving this problem: EVTXtract. The tool can recover EVTX fragments not only from RAW images, but also from unallocated space and memory dumps.
- Preface
- Digital Forensics and Evidence Acquisition
- Windows Memory Acquisition and Analysis
- Windows Drive Acquisition
- Windows File System Analysis
- Windows Shadow Copies Analysis
- Windows Registry Analysis
- Main Windows Operating System Artifacts
- Introduction
- Recycle Bin content analysis with EnCase Forensic
- Recycle bin content analysis with Rifiuti2
- Recycle bin content analysis with Magnet AXIOM
- Event log analysis with FullEventLogView
- Event log analysis with Magnet AXIOM
- Event log recovery with EVTXtract
- LNK file analysis with EnCase forensic
- LNK file analysis with LECmd
- LNK file analysis with Link Parser
- Prefetch file analysis with Magnet AXIOM
- Prefetch file parsing with PECmd
- Prefetch file recovery with Windows Prefetch Carver
- Web Browser Forensics
- Email and Instant Messaging Forensics
- Windows 10 Forensics
- Data Visualization
- Troubleshooting in Windows Forensic Analysis
Event log recovery with EVTXtract
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.