Course Curriculum

    1. Windows Event Viewer Forensics

    1. Navigating Windows Event Viewer

    2. Searching For Events

    3. Types of Events

    1. Enabling Logs & Changing Log Settings

    2. Enable Auditing Through Group Policy

    3. Enable Logging through Event Viewer

    4. Event Log Settings

    1. Extracting and Importing Event Logs

    2. Extracting an Event Log from a Disk Image

    3. Importing an Event Log File

    4. Check Your Knowledge

    1. Event Logs Artifacts

    2. System Log

    3. Security Log #1

    4. Security Log #2

    5. Security Logs #3

    6. Security Logs #4

    7. Security Logs #5

    8. Security Logs #6

    9. Security Logs #7

    10. Check Your Knowledge

    11. Application Log

    12. Applications & Services Log #1

    13. Applications & Services Log #2

    14. Other Tools: Event Log Parser

    15. Investigation Lab

    16. Investigation Lab - Solutions

    1. Conclusion

    2. References

About this course

  • $50.00
  • 30 lessons
  • 0 hours of video content

6 CPE Credits

After completing this course, you will earn:

Learning Outcomes

After completing this course, you will have gained the following:

  • The ability to view, analyze, extract, and open Windows event logs

  • Understanding of the forensic applications of event log artifacts

  • Knowledge of the issues associated with Windows event logs

Technical Requirements

For the hands-on labs in this course, you will need:

  • Windows machine (recommended Windows 10)

  • Internet connection

  • FTK Imager, if working with a forensic disk image
