
Recovering the Security.evt file

(@jakeaw03)

Hello,

I have a system that I have pulled the Windows logs (Application, System, Security) to analyse. The Application and System logs are intact, but the security logs are empty. I have searched unallocated space for the security.evt file header and another searchable item commonly found in the file, and there were no hits. Is the Security.evt logging turned on by default? Any other thoughts?

Thanks,


   
(@mkel2000)
 

Windows Security logging is turned off by default. You can look through the registry for policy settings to confirm, but the empty Security Event log is no surprise.


   
(@keydet89)
 

Check out RegRipper (RegRipper.net)… there is a plugin you can run against the Security hive file and get the audit policy for the box…
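The header search described in the first post can be extended to individual records: in the legacy .evt format both the 48-byte file header and every event record carry the `LfLe` signature at offset 4, with the structure's length stored just before the signature and repeated in its last four bytes. The following sketch is an added example, not part of the original thread; the names `carve_evt` and `build_sample` are hypothetical and the sample buffer is constructed.

```python
import struct
from datetime import datetime, timezone

SIG = b"LfLe"        # signature at offset 4 of the EVT header and of every record
HEADER_SIZE = 0x30   # fixed size of the legacy .evt file header
MIN_RECORD = 0x38    # fixed part of an EVENTLOGRECORD

def carve_evt(buf):
    """Scan raw bytes; return (header_offsets, records) that pass the length checks."""
    headers, records = [], []
    pos = buf.find(SIG, 4)
    while pos != -1:
        start = pos - 4                      # the length DWORD precedes the signature
        (length,) = struct.unpack_from("<I", buf, start)
        end = start + length
        # A real structure repeats its length in its last four bytes.
        if (length >= HEADER_SIZE and end <= len(buf)
                and struct.unpack_from("<I", buf, end - 4)[0] == length):
            if length == HEADER_SIZE:
                headers.append(start)
            elif length >= MIN_RECORD:
                rec_no, t_gen, _t_wr, event_id = struct.unpack_from("<4I", buf, start + 8)
                records.append({
                    "offset": start,
                    "record_number": rec_no,
                    "generated_utc": datetime.fromtimestamp(t_gen, timezone.utc).isoformat(),
                    "event_id": event_id & 0xFFFF,   # low word is the event code
                })
        pos = buf.find(SIG, pos + 1)
    return headers, records

def build_sample():
    """Constructed buffer (not from a real system): slack, a header, two records, one decoy."""
    def rec(no, ts, eid):
        body = "Security\0HOST\0".encode("utf-16-le")   # source and computer name
        length = MIN_RECORD + len(body) + 4
        fixed = struct.pack("<6I4H6I", length, 0x654C664C, no, ts, ts, eid,
                            8, 0, 0, 0, 0, 0, 0, 0, 0, 0)
        return fixed + body + struct.pack("<I", length)
    header = struct.pack("<12I", 0x30, 0x654C664C, 1, 1, 0x30, 0x30, 3, 1, 0x10000, 0, 0, 0x30)
    decoy = b"\xff\xff\x00\x00LfLe" + b"\x00" * 8      # signature with an implausible length
    return b"\x00" * 16 + header + rec(1, 1230768000, 528) + decoy + rec(2, 1230768060, 538)

if __name__ == "__main__":
    found_headers, found_records = carve_evt(build_sample())
    print("headers at", found_headers)
    for r in found_records:
        print(r)
```

Checking the trailing length copy is what rejects stray `LfLe` strings, so hits that survive it are worth examining even when no intact file header is found.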


   