Windows Event Logs record evidence of many significant types of activity, including when a machine was booted or shut down, when users logged in and out and from where, device insertions, network connections and so much more. But knowing how to efficiently find this evidence is complicated by several factors. Investigators need to sort through a multitude of types of events recorded, inconsistent Event ID numbers across Windows versions and multiple file formats. The fact that there can easily be hundreds of thousands of records on even lightly used machines can make analyzing Event Logs a daunting task. All these factors can present a significant barrier for investigators to use Event Logs to their fullest potential.
Join Cellebrite’s Senior Digital Forensics Researcher, Dr. Vico Marziale, as he walks you through the tools you need to quickly and easily get to the important information that can add an abundance of context to your case.
During this webinar, Vico will cover:
- History and background of Event Logs on Windows
- Types of case-related activity Event Logs can speak directly to
- How to find the important information in the sea of log entries
- How to build activity timelines of important system events using just the Event Logs
Date: 16th September 2020
Time: 2:00 PM EST / 11:00 AM PST