log file analysis

> they contain important informations about users authentications and activities.

Such as…?

hashes of user's password (sam.log), time of authentication and access to a machine and information about user (such as name, id…) and the system.log doesn't trace user activity in system,isn't it ? ?
correct me if am saying false things cause that 's what i find while doing some research ! !
thanks for the question D

> hashes of user's password (sam.log), time of authentication and access to a
> machine and information about user (such as name, id…)

Actually, that's not the case at all. The SAM stores all of that information.

A simple Google search revealed the following
http//www.hsc.fr/ressources/articles/win_log_files/index.html.en

This file says that the sam.log file records account lockout related info (I haven't verified this).

> …cause that 's what i find while doing some research

I'm curious to know what you mean by "research"…

thanks for the help ) …and i won't tell you the meaning of research just try to do a research in arabic (wich is my mother tongue) and then u will understand how easy is doing research in a different language wink

> …and i won't tell you the meaning of research

Well, I'm not sure you understand what I was asking.

You had said, "….cause that 's what i find while doing some research"; I was asking what it was you'd done when doing this research. Clearly, you apparently hadn't done a fairly trivial search via Google, so I was curious what you *had* done, as maybe assisting you with your research methodology would help you find things during future research.

sorry if i misunderstood u oops(that is a demonstration that i don't understand all what i read ) ) …and really thanks for the site that u told me to visit wink
thanks for the help and sorry again

Okay, so you're not going to actually *answer* my question???