Home Presentations Windows Forensics: Event Trace Logs

Windows Forensics: Event Trace Logs


Looking for a “new” Windows artifact that is currently being underutilized and contains a wealth of information? Event Tracing for Windows (ETW) and Event Trace Logs (ETL) may be your answer. There’s nothing new about them, yet they can provide a wealth of information. Event Tracing for Windows was introduced in Windows 2000 and is still going strong in current versions of Windows. ETW is typically used for performance and debugging analysis by the Windows OS and by application developers. ETLs are ETW sessions that are stored to disk. They can be found in numerous locations on a Windows system and carry the extension “.etl.” They can contain system configuration information, WiFi connection SSIDs and configuration, Process and Thread information, File and Disk IO, Sleep Session Studies, Boot and Shutdown information, and much more.

This talk will cover what ETL files are and where you can expect to find them, how to decode ETL files, caveats associated with those files, and some interesting and forensically relevant data that ETL files can provide.

Load More Related Articles
Load More In Presentations


  1. 2ostracism

    December 30, 2021 at 10:35 pm


  2. boomerang gay dating

    January 2, 2022 at 2:24 pm

    gay gamer dating sites https://gayprideusa.com

  3. dating gay strippers pros and cons stories

    January 2, 2022 at 3:26 pm

    free gay dating sites grindr https://speedgaydate.com

  4. arizona gay speed dating

    January 2, 2022 at 4:26 pm

    gay piss play dating https://gayfade.com

  5. 1-800 contacts refined gay men chat

    January 14, 2022 at 10:42 am

  6. dating advice for gay men https://speedgaydate.com/