Hello,
I am investigating a Windows image with Autopsy.
I know that the raw files of the logs are in the folder C:\Windows\System32\config (SECURITY, SYSTEM, and so on).
I can recover the files. However, I don't know how to open them to see their contents.
Do you know any tool/way to do this?
Thanks in advance!
Have a look at this
https://
Registry transaction logs, you mean?
Check
https://
https://
and
https://www.forensicfocus.com/Forums/viewtopic/t=13713/
Up to 7 it made little or no sense to check those; if 8.1 and later, then they might be useful, but there isn't AFAIK (yet) a suitable tool (viewer or parser).
jaclaz