DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro

Today I'm talking about Windows forensics, focusing on Windows event logs. These logs are very valuable for fast triage, and they are often readily available in your organization's SIEM. But have you ever wondered about the processes that enable this quick access? Not only are the logs automatically collected and fed into the appliance, but they are also formatted and normalized so the data is easy to search. This is crucial, as the logs are originally in a complex format that is challenging to interpret natively. Now, picture a scenario where event logs are inaccessible through a security appliance—enter this week's topic: EVTX analysis options. Don't be caught unprepared.

This episode is taken from an open RSS feed and is not published by Podme. It may contain advertising.
