Another interesting article has been posted by Andrea Fortuna. This time he writes about recovering event logs from a Windows memory image. The author uses two approaches, depending on the OS version: for Windows XP and 2003 he uses the evtlogs Volatility plugin, and for other Windows versions he uses Willi Ballenthin’s EVTXtract.
