Windows EventViewer Analysis | DFIR
In this article, we will show you some approaches to analyze some activity on Windows events.
Last Activity View
Other tools from NirSoft can be observed and downloaded here.
Evtx analysis
Create a new filter with the type of event ID or events between a specific date.
2. After create it, click on context menu and "Save As ...".
Use a specific tool to analyze the logs.
Examples
ExamplesDeepBlueCLI: https://github.com/sans-blue-team/DeepBlueCLI
WELA (Windows Event Log Analyzer): https://github.com/Yamato-Security/WELA
EventID - Windows Events Search
Outlook files analysis
View .msg files (from Outlook)
Last updated
