Event Viewer – System event – Week 2: This Discussion will be quite an “Event” (Required/Graded)
During this week, you will be learning about the Windows Event Viewer, the built-in console (eventvwr.msc) for reading the Windows event logs, a critical logging facility in Microsoft Windows.
On Microsoft Windows systems, most of the critical log records from the OS are written to the event logs (stored as .evtx files under %SystemRoot%\System32\winevt\Logs) and viewed through the Event Viewer.
The three main logs in the Windows Event Viewer are:
- Application (events from installed software and services)
- System (events from operating-system components, drivers, and services, including hardware-related errors)
- Security (audit records, written only for the audit policies that are enabled)
There are also other logs that can be enabled or configured, such as Setup (also under Windows Logs) and the DNS Server and PowerShell logs found under Applications and Services Logs.
With the appropriate audit policy enabled, it can record just about every significant action taken on the operating system: logons, account changes, service starts, process creation, and more.
Use your Windows system in MARS to generate an Event. (See Lab2 for more information.)
Discuss the “Event” and explain how it could be relevant to a forensics investigation.
Please include the Log your Event falls under as well as the corresponding Event ID number. Some examples could be:
User Account Management – Event ID 4720 (a user account was created)
User Account Management – Event ID 4722 (a user account was enabled)
User Account Management – Event ID 4738 (a user account was changed)
Logon – Event ID 4624 (successful logon) or 4625 (failed logon)
Audit Success (the keyword shown on a successful audited action; note the Event ID of the underlying event)
Audit Failure (the keyword shown on a failed audited action; note the Event ID of the underlying event)
Special Logon – Event ID 4672 (special privileges assigned to a new logon)
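The following PowerShell session is an added example for this discussion, not part of the course or lab material. It generates one of the account-management events listed above, then pulls it back out of the Security log together with the logon events, so the post can cite the exact log, Event ID, and the "who did what to whom" fields an investigator would use. The account name forensics-test is a hypothetical placeholder; the example assumes the "User Account Management" audit subcategory is enabled and that the session is elevated (the Security log is not readable by standard users).

```powershell
# Added example (not course or lab code): generate an "account created" event,
# then read it and the related logon events back from the Security log.
# Assumptions (labelled): 'forensics-test' is a hypothetical account name,
# the "User Account Management" audit subcategory is enabled, and this is an
# elevated PowerShell session with rights to read the Security log.

# 1. Confirm that the audit subcategory producing 4720/4722/4738 is enabled.
#    If it shows "No Auditing", nothing below will be logged.
auditpol /get /subcategory:"User Account Management"

# 2. Generate the event. Creating a local user writes 4720 (created), and the
#    OS then writes 4722 (enabled) and 4738 (changed) as it initialises the account.
$name = 'forensics-test'
$pw   = Read-Host -AsSecureString -Prompt "Password for $name"
New-LocalUser -Name $name -Password $pw -Description 'Event Viewer lab account' | Out-Null

# 3. Query the Security log for the account-management and logon IDs named in
#    the discussion prompt. -FilterHashtable filters server-side, which is far
#    faster than piping every record through Where-Object.
$ids    = 4720, 4722, 4738, 4624, 4625, 4672
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } -MaxEvents 200

# 4. Each record carries its details in an EventData XML payload. Pull out the
#    fields a forensic examiner cares about: who acted (SubjectUserName),
#    who was affected (TargetUserName), and for logons the LogonType
#    (2 = interactive, 3 = network, 10 = RDP, etc.).
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Id        = $e.Id
        Keyword   = ($e.KeywordsDisplayNames -join ',')   # "Audit Success" / "Audit Failure"
        Subject   = $d['SubjectUserName']
        Target    = $d['TargetUserName']
        LogonType = $d['LogonType']
    }
}

# 5. Show the events for the lab account plus recent logon activity, oldest first,
#    which is the view to screenshot for the discussion post.
$rows |
    Where-Object { $_.Target -eq $name -or $_.Id -in 4624, 4625, 4672 } |
    Sort-Object Time |
    Format-Table -AutoSize

# 6. Remove the lab account once the screenshot is taken. This itself is audited
#    and writes Event ID 4726 (a user account was deleted).
Remove-LocalUser -Name $name
```

Step 3 is the reusable part: swapping the `$ids` list for any other Event ID lets you confirm that an action you performed in the lab actually produced the record you intend to discuss, and the Subject/Target columns are the evidence that links the event to an account in an investigation.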
If someone on your Forensics team has already picked an Event, pick a different Event with a different Event Viewer ID.
Post one or more screenshots of your Event and tell your team how this event might be relevant to a forensics investigation.
Finally, provide an APA formatted reference along with your Event Viewer Discussion post.