Specialized DFIR: Windows Event Log Forensics
Analyzing Windows event logs provides key information on system activities during an investigation. This course will teach you what events to focus on during your analysis and how to quickly obtain information.
What you'll learn
Windows event logs contain lots of information that assist investigations in determining what happened on a system. However, some of this information is hidden within the multitude of event logs on a system. In this course, Specialized DFIR: Windows Event Log Forensics, you’ll learn how to focus your event log investigation to find signs of compromise and suspicious activities. First, you’ll explore how to quickly go through event logs and find key events to focus on. Next, you’ll discover what logs and events provide different pieces of information. Finally, you’ll learn how to combine all of this information to have a comprehensive view of the malicious activities that took place on a compromised system. When you’re finished with this course, you’ll have the skills and knowledge needed to perform event log forensics on a Windows system.