Andrea Fortuna has posted another interesting article, this time on recovering event logs from a Windows memory image. He uses two approaches, depending on the OS version: for Windows XP and 2003 he uses the evtlogs Volatility plugin, and for other Windows versions he uses Willi Ballenthin’s EVTXtract.
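The split by OS version follows the log format: XP and 2003 keep legacy .evt logs, whose records carry an `LfLe` signature, while later versions write EVTX, stored in chunks that begin with `ElfChnk`. The sketch below is an example added here, not code from Fortuna's article, Volatility or EVTXtract, and it goes a step beyond the text by triaging a raw image for both signatures. The function names, the 0x10000 length ceiling and the tool suggestion rule are assumptions made for illustration, and the sample buffer is constructed.

```python
import struct, zlib

EVTX_MAGIC = b"ElfChnk\x00"   # starts every EVTX chunk (Vista and later)
EVT_MAGIC = b"LfLe"           # signature in legacy .evt records (XP / 2003)

def _find_all(buf, needle):
    pos = buf.find(needle)
    while pos != -1:
        yield pos
        pos = buf.find(needle, pos + 1)

def valid_evtx_chunk(buf, off):
    """Chunk header: size field (offset 40) is 128, CRC32 (offset 124) matches."""
    if off + 512 > len(buf):
        return False
    hdr_size, = struct.unpack_from("<I", buf, off + 40)
    stored, = struct.unpack_from("<I", buf, off + 124)
    crc = zlib.crc32(buf[off:off + 120] + buf[off + 128:off + 512]) & 0xFFFFFFFF
    return hdr_size == 128 and stored == crc

def valid_evt_record(buf, sig_off):
    """Length dword precedes 'LfLe' and is repeated as the record's last dword."""
    start = sig_off - 4
    length = struct.unpack_from("<I", buf, start)[0] if start >= 0 else 0
    end = start + length
    if length < 0x30 or length > 0x10000 or end > len(buf):  # ceiling is an assumption
        return False
    return struct.unpack_from("<I", buf, end - 4)[0] == length

def triage(buf):
    """Count validated hits per format; the suggestion is a heuristic (assumption)."""
    evtx = sum(valid_evtx_chunk(buf, o) for o in _find_all(buf, EVTX_MAGIC))
    evt = sum(valid_evt_record(buf, o) for o in _find_all(buf, EVT_MAGIC))
    tool = "EVTXtract" if evtx >= evt and evtx else "evtlogs" if evt else None
    return {"evtx_chunks": evtx, "evt_records": evt, "suggested": tool}

def constructed_sample():
    """Constructed input: one valid chunk header, then a bare magic that fails checks."""
    chunk = bytearray(512)
    chunk[0:8] = EVTX_MAGIC
    struct.pack_into("<I", chunk, 40, 128)
    crc = zlib.crc32(bytes(chunk[:120]) + bytes(chunk[128:512])) & 0xFFFFFFFF
    struct.pack_into("<I", chunk, 124, crc)
    bogus = EVTX_MAGIC + b"\x00" * 504
    return b"\x90" * 64 + bytes(chunk) + b"\x90" * 32 + bogus

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

On a real image, pass the file through `mmap` rather than reading it into memory; a signature hit that fails validation is usually a stale or partially overwritten page.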
