Event Viewer – System event-CST 640

Event Viewer – System event-Week 2: This Discussion will be quite an “Event” (Required/Graded)

During this week, you will be learning about the Windows Event Viewer, a critical logging system built into Microsoft Windows.

On Microsoft Windows systems, most of the critical log data produced by the OS is recorded in the Event Viewer.

The three main logs in the Windows Event Viewer are:

  • Application (Software)
  • System (Hardware)
  • Security (Auditing)

There are also other Logs that can be added or configured, such as Setup, DNS, and PowerShell.

It can log just about every action taken on the Operating System.

Use your Windows system in MARS to generate an Event. (See Lab2 for more information.)

Discuss the “Event” and explain how it could be relevant to a forensics investigation.

Please include the Log your Event falls under as well as the corresponding Event ID number. Some examples could be:

  • User Account Management – Event ID 4720
  • User Account Management – Event ID 4722
  • User Account Management – Event ID 4738
  • Logon
  • Audit Success
  • Audit Failure
  • Security Group Management
  • Special Logon
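One way to find such an Event on the lab system and read off the Log name, Event ID, and accounts involved for the post. This is an added PowerShell example and is not part of the assignment text: it queries the Security log with Get-WinEvent for the three User Account Management IDs listed above plus the standard Windows IDs for the other listed categories (4624 successful logon, 4625 failed logon, 4672 special logon). The one-day lookback and the CSV output path are assumed values.

```powershell
# Added example, not from the assignment: list recent Security-log events
# from the categories above so the Log name, Event ID and accounts involved
# can be cited in the discussion post. Run from an elevated PowerShell
# session; the Security log needs administrator rights to read.

# Event IDs named on the page plus the standard Windows IDs for the other
# listed categories (Logon, Audit Success/Failure, Special Logon).
$EventIds = @{
    4720 = 'User Account Management: account created'
    4722 = 'User Account Management: account enabled'
    4738 = 'User Account Management: account changed'
    4624 = 'Logon: successful logon'
    4625 = 'Logon: failed logon'
    4672 = 'Special Logon: special privileges assigned'
}

# Lookback window and CSV path are assumed values; adjust as needed.
$Since   = (Get-Date).AddDays(-1)
$OutFile = Join-Path $env:USERPROFILE 'security-events.csv'

# Pull one named field out of an event's EventData block. The meaning of a
# field depends on the Event ID (for 4720 TargetUserName is the account that
# was created; for 4624 it is the account that logged on).
function Get-EventDataField {
    param(
        [Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventLogRecord]$Record,
        [Parameter(Mandatory)][string]$Name
    )
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# FilterHashtable is evaluated by the event log service, so this stays fast
# on a large Security log. Get-WinEvent raises a non-terminating error when
# nothing matches; that case is handled below as "no events".
$Events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = @($EventIds.Keys)
    StartTime = $Since
} -ErrorAction SilentlyContinue

if (-not $Events) {
    Write-Warning "No matching Security events since $Since. Generate one in the lab (see Lab2) and re-run."
    return
}

$Report = $Events | ForEach-Object {
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Log         = $_.LogName
        EventId     = $_.Id
        Category    = $EventIds[[int]$_.Id]
        # "Audit Success" / "Audit Failure", as shown in Event Viewer's Keywords column
        AuditResult = ($_.KeywordsDisplayNames -join ', ')
        Subject     = Get-EventDataField -Record $_ -Name 'SubjectUserName'
        Target      = Get-EventDataField -Record $_ -Name 'TargetUserName'
    }
}

$Report | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
$Report | Export-Csv -Path $OutFile -NoTypeInformation
Write-Host "Wrote $($Report.Count) events to $OutFile"
```

The Subject column is the account that performed the action and Target is the account acted upon, which is exactly the pairing a forensic timeline needs (who created or changed which account, and when). The AuditResult column reproduces the Audit Success / Audit Failure keyword that the Event Viewer shows, so the post can cite it directly alongside the Event ID.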

If someone on your Forensics team has already picked an Event, pick a different Event with a different Event Viewer ID.

Post one or more screenshots of your Event and tell your team how this event might be relevant to a forensics investigation.

Finally, provide an APA formatted reference along with your Event Viewer Discussion post.
