View raw Windows Log files

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
 
  

banderas20
Newbie
 

View raw Windows Log files

Post Posted: Jun 13, 19 05:37

Hello,

I am investigating a Windows image with Autopsy.
I know that the raw files of the logs are in the folder c:\windows\system32\config (SECURITY, SYSTEM, and so on).

I can recover the files. However, I don't know how to open them to see their contents.

Do you know any tool/way to do this?

Thanks in advance!  
 
  

dandaman_24
Senior Member
 

Re: View raw Windows Log files

Post Posted: Jun 13, 19 05:42

Have a look at this

www.kroll.com/en/insig...actor-kape  
 
  

jaclaz
Senior Member
 

Re: View raw Windows Log files

Post Posted: Jun 13, 19 06:10

Registry transaction logs, you mean?

Check:

www.fireeye.com/blog/t...sited.html

github.com/msuhanov/re...-log-files

and:
www.forensicfocus.com/...c/t=13713/

Up to 7 it made little or no sense to check those; if 8.1 and later, then they might be useful, but there isn't AFAIK (yet) a suitable tool (viewer or parser).

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
