Extracting Windows event logs using memory forensics

Abstract: Microsoft’s Windows Operating System provides a logging service that collects, filters and stores event messages from the kernel and applications into log files (.evt and .evtx). Volatility, the leading open source advanced memory forensic suite, currently allows users to extract these even...


Bibliographic Details
Main Author: Veca, Matthew
Format: Others
Published: ScholarWorks@UNO 2015
Online Access: http://scholarworks.uno.edu/td/2119
http://scholarworks.uno.edu/cgi/viewcontent.cgi?article=3206&context=td