Windows Event Log Forensics Cheat Sheet
Logging configuration. When looking into compromised systems, what incident responders and investigators need is often not enabled or configured when it comes to logging. To get system logs properly enabled and configured, use the Malware Archaeology cheat sheets (Windows Logging and Windows Advanced Logging) so the data we all need is there before an incident happens. As documented in the Windows Advanced Logging cheat sheet, enable Object Access > Other Object Access Events for both Success and Failure. Monitoring Windows event logs tells you a lot about what may be going wrong on any Windows system.

Windows version. Event IDs, log channels and default audit settings differ between releases, so the exact version of the Windows system must be considered carefully when developing a digital forensic process centered on event logs. Record the OS version alongside the evidence.

Security log. Collects every authentication event to the operating system, plus account management. Key IDs:
  4720  Account created  (Security)
  4722  Account enabled  (Security)

Device connection log. Device installs and connections are recorded in the Microsoft-Windows-Kernel-PnP/Configuration channel, stored on disk as Microsoft-Windows-Kernel-PnP%4Configuration.evtx under %SystemRoot%\System32\winevt\Logs. It collects other devices as well as USB (PCI devices, Display, SCSI). The logging of these events is enabled by default.

Recycle Bin. Every file deleted from a recycle-bin-aware Windows program is generally first put in the Recycle Bin, which helps when accomplishing a forensic investigation because the file is recoverable from there. Location: the hidden system folder $Recycle.Bin (Win7/8/10).

Related cheat sheets: SMB Access from Linux Cheat Sheet; Ultimate Registry Forensics Cheat Sheet (a mind map of Windows registry artifacts to look for when hunting evidence); Malware Archaeology Cheat-Sheets.
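Putting the items above into practice, the following PowerShell script is an added example written for this page; it is not code from the cheat sheet or from Malware Archaeology. It records the OS version, checks and if necessary enables the Other Object Access Events subcategory (Success and Failure), preserves the raw Security and Kernel-PnP Configuration .evtx files, and extracts 4720/4722 account events and device-connection events to CSV for triage. The look-back window, the output folder naming, and the English-locale string check on auditpol output are assumptions, not settings from the cheat sheet; run it elevated on the host under review.

```powershell
# Added example (not from the original cheat sheet): event log evidence
# collection for the items listed above. Run elevated on the Windows host.
# ASSUMED: look-back window, output folder layout, English auditpol output.
#Requires -RunAsAdministrator
param(
    [int]$Days = 30,                                                      # ASSUMED window
    [string]$OutDir = "$env:SystemDrive\evtx-triage\$(Get-Date -Format yyyyMMdd-HHmmss)"  # ASSUMED path
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$since = (Get-Date).AddDays(-$Days)

# 0. Record the exact OS version: IDs, channels and audit defaults differ by release.
$os = Get-CimInstance Win32_OperatingSystem
"$($os.Caption) $($os.Version) build $($os.BuildNumber)" |
    Set-Content -Path (Join-Path $OutDir 'os-version.txt')

# 1. Verify (and if needed enable) Object Access > Other Object Access Events,
#    Success and Failure, as the Windows Advanced Logging cheat sheet calls for.
#    ASSUMED: auditpol prints "Success and Failure" (English locale).
$sub  = 'Other Object Access Events'
$line = auditpol /get /subcategory:"$sub" | Select-String -SimpleMatch $sub | Select-Object -First 1
if (-not $line -or $line.ToString() -notmatch 'Success and Failure') {
    Write-Warning "'$sub' is not set to Success and Failure; enabling it"
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}

# 2. Preserve the raw logs first (the .evtx is the evidence; CSVs are for triage).
#    Note the on-disk name of the PnP channel: '/' becomes '%4' in the file name.
wevtutil epl Security (Join-Path $OutDir 'Security.evtx')
wevtutil epl 'Microsoft-Windows-Kernel-PnP/Configuration' `
    (Join-Path $OutDir 'Microsoft-Windows-Kernel-PnP%4Configuration.evtx')

# Helper: flatten an event's EventData into a hashtable keyed by field name.
# Name-based lookup is more robust than positional Properties[n] across versions.
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $data = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

# 3. Security log: 4720 account created, 4722 account enabled.
$acct = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4722; StartTime = $since } `
    -ErrorAction SilentlyContinue | ForEach-Object {
    $d = Get-EventData $_
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Id          = $_.Id
        Target      = "$($d.TargetDomainName)\$($d.TargetUserName)"   # account acted on
        Subject     = "$($d.SubjectDomainName)\$($d.SubjectUserName)" # who did it
        Computer    = $_.MachineName
    }
}
$acct | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'account-events.csv')

# 4. Device connections: the Kernel-PnP Configuration channel (enabled by default).
$pnp = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Kernel-PnP/Configuration'; StartTime = $since } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
$pnp | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'device-events.csv')

"{0} account events, {1} device events written to {2}" -f @($acct).Count, @($pnp).Count, $OutDir
```

Two design points worth noting: the raw .evtx export happens before any parsing so the evidence is preserved even if a later step fails, and event fields are read by name from the event XML rather than by position, because positional indexes are exactly the kind of detail that shifts between Windows versions.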