Simple play icon Course
Skills

Specialized DFIR: Windows Event Log Forensics

by Tyler Hudak

Analyzing Windows event logs provides key information on system activities during an investigation. This course will teach you what events to focus on during your analysis and how to quickly obtain information.

What you'll learn

Windows event logs contain lots of information that assist investigations in determining what happened on a system. However, some of this information is hidden within the multitude of event logs on a system. In this course, Specialized DFIR: Windows Event Log Forensics, you’ll learn how to focus your event log investigation to find signs of compromise and suspicious activities. First, you’ll explore how to quickly go through event logs and find key events to focus on. Next, you’ll discover what logs and events provide different pieces of information. Finally, you’ll learn how to combine all of this information to have a comprehensive view of the malicious activities that took place on a compromised system. When you’re finished with this course, you’ll have the skills and knowledge needed to perform event log forensics on a Windows system.

About the author

Tyler Hudak has more than 15 years of extensive real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response, and penetration testing, and brings his frontl ine experience and proven techniques to bear in his training.

Ready to upskill? Get started