Course Curriculum

01 Windows Event Viewer Forensics
- Windows Event Viewer Forensics

02 Understanding Windows Event Logs
- Navigating Windows Event Viewer
- Searching For Events
- Types of Events

03 Enabling Logs & Changing Log Settings
- Enabling Logs & Changing Log Settings
- Enable Auditing Through Group Policy
- Enable Logging through Event Viewer
- Event Log Settings

04 Extracting and Importing Event Logs
- Extracting and Importing Event Logs
- Extracting an Event Log from a Disk Image
- Importing an Event Log File
- Check Your Knowledge

05 Event Logs Artifacts
- Event Logs Artifacts
- System Log
- Security Log #1
- Security Log #2
- Security Logs #3
- Security Logs #4
- Security Logs #5
- Security Logs #6
- Security Logs #7
- Check your Knowledge:
- Application Log
- Applications & Services Log #1
- Applications & Services Log #2
- Other Tools: Event Log Parser
- Investigation Lab
- Investigation Lab - Solutions

06 Conclusion and Resources
- Conclusion
- References

After completing this course, you will earn: 6 CPE Credits

Learning Outcomes
After completing this course, you will learn the following.
- The ability to view, analyze, extract, and open Windows event logs
- Understanding of applicable forensic applications of event log artifacts
- Knowledge of the issues associated with Windows event logs

Technical Requirements
For the hands-on labs in this course
- Windows machine (recommended Windows 10)
- Internet connection
- FTK Imager, if working with a forensic disk image