How to Recover Event Logs from a Windows Memory Image

Another interesting article has been posted by Andrea Fortuna. This time he writes about recovering event logs from a Windows memory image. The author uses two approaches, depending on the OS version: for Windows XP and 2003 he uses the evtlogs Volatility plugin, and for other Windows versions he uses Willi Ballenthin’s EVTXtract.
