DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro
Digital Forensic Survival Podcast digitalforensicsurvivalpodcast.libsyn.com
Today I'm talking about Windows forensics, focusing on Windows event logs. These logs are very valuable for fast triage and are often readily available in your organization's SIEM. But have you ever wondered about the processes that enable this quick access? Not only are the logs automatically collected and fed into the appliance, but they are also formatted and normalized so the data is easy to search. This is crucial, because the logs are originally stored in a complex format that is challenging to interpret natively. Now, picture a scenario …