dear all,
I am analyzing two computer with windows 10.W suspect data exfiltration.
I extracted from both computer the file Security.evtx. One is empty and one is corrupted.
Can someone suggest me a tool for recover those files?
thanks in advance
I might help if you could describe a couple of things.
First, how did you extract the files? What method did you use?
Second, if the issue is data exfiltration, what do you hope to find in the Security Event Log? I ask, as if you're able to articulate what you're looking for, there may be alternate artifacts in the constellation that can be examined.
HTH
dear all,
I am analyzing two computer with windows 10.W suspect data exfiltration.
I extracted from both computer the file Security.evtx. One is empty and one is corrupted.
Can someone suggest me a tool for recover those files?
thanks in advance
I doubt you will be able to recover the data you need from those files. You may want to try carving the entries from the registry.Â
Thanks for answering me.
I solved the situation. opening the file with a log viewer gives the errors above. Opening it with the windows event viewer, there are no errors
thanks again
