Hi everyone !
Just quick question - I have installed simple application (VLC) on the computer at the particular time and time but I cannot find event logs indicating that it was installed, is this logged in anywhere within the event log in Win 7 (Win 7 x32 Ultimate) by default?
Thanks.
is this logged in anywhere within the event log in Win 7 (Win 7 x32 Ultimate) by default?
Maybe in the setupAPI.xxx.log
http//
http//
Not in "event log" (as seen in event viewer).
jaclaz
It depends on how it's installed.
During an engagement, I analyzed a Windows 2008 R2 system (the server version of Windows 7) and found that the Application Experience Event Log included program installations and removals.
What I would suggest is that you use LogParser (free from MS) to parse out all of the Windows Event Log records into a text or CSV format, and then search for your application name.
I just installed a program on my Win7 (64bit home premium) and saw the installation in the Application log
Source was MsiInstaller which indicated that the installer was run (id 1040 for beginning, 1042 for ending and 1033 for the completion)
There was also a record with the "System Restore" source that said that a restore point was created successfully and included a description showing what program I'd installed. (id 8194)
do you know the approx time that the application was installed? If you extract all the event logs and parse them into a timeline does it show anything of interest around that time?