
Security.evtx  

giandega
(@giandega)
Active Member

Dear all,

I am analyzing two computers with Windows 10. We suspect data exfiltration.

I extracted the file Security.evtx from both computers. One is empty and one is corrupted.

Can someone suggest a tool to recover those files?

Thanks in advance.

Posted : 26/05/2020 5:52 pm
keydet89
(@keydet89)
Community Legend

I might help if you could describe a couple of things.

First, how did you extract the files? What method did you use?

Second, if the issue is data exfiltration, what do you hope to find in the Security Event Log? I ask, as if you're able to articulate what you're looking for, there may be alternate artifacts in the constellation that can be examined.

HTH

Posted : 01/06/2020 5:59 pm
Em-Belkasoft
(@em-belkasoft)
Junior Member
Posted by: @giandega

Dear all,

I am analyzing two computers with Windows 10. We suspect data exfiltration.

I extracted the file Security.evtx from both computers. One is empty and one is corrupted.

Can someone suggest a tool to recover those files?

Thanks in advance.

I doubt you will be able to recover the data you need from those files. You may want to try carving the entries from the registry. 

Posted : 02/06/2020 8:24 pm
giandega
(@giandega)
Active Member

Thanks for answering me.

I solved the situation. Opening the file with a log viewer gives the errors above. Opening it with the Windows Event Viewer, there are no errors.

Thanks again.

Posted : 03/06/2020 8:57 am