Windows Event Log - Revision history

Lucidiot: Add Kaitai Struct schema

2024-12-26T17:51:35Z

Add Kaitai Struct schema

Jsummers: Updating Forensics Wiki links

2023-09-04T14:48:48Z

Updating Forensics Wiki links

Jsummers: Category:Windows

2017-03-29T20:54:24Z

Category:Windows

Dan Tobias at 16:04, 25 October 2013

2013-10-25T16:04:10Z

Dan Tobias: /* Vista, Windows 2008, and Windows 7 */

2013-10-25T16:03:20Z

‎Vista, Windows 2008, and Windows 7

Dan Tobias: /* Vista, Windows 2008, and Windows 7 */

2013-10-25T16:02:03Z

‎Vista, Windows 2008, and Windows 7

Dan Tobias: Created page with "{{FormatInfo |formattype=electronic |subcat=System files |extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}} }} The Windows Event Log tracks things that happe..."

2013-10-25T13:10:02Z

Created page with "{{FormatInfo |formattype=electronic |subcat=System files |extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}} }} The Windows Event Log tracks things that happe..."

New page

{{FormatInfo
|formattype=electronic
|subcat=System files
|extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}}
}}
The [[Windows Event Log]] tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security.

== Windows 2000, XP and 2003 ==

These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory.

* [http://www.forensicswiki.org/wiki/Windows_Event_Log_%28EVT%29|Forensics Wiki: Windows Event Log (EVT)]
* [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP]

== Vista, Windows 2008, and Windows 7 ==

These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions.

* [http://www.forensicswiki.org/wiki/Windows_XML_Event_Log_%28EVTX%29 Forensics Wiki: Windows XML Event Log (EVTX)]
* [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)]
* [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)]

== Links ==
* [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]]

@@ Line 10: / Line 10: @@
 These systems use the .evt extension and are usually found in the  C:\Windows\system32\config directory.
-* [http://www.forensicswiki.org/wiki/Windows_Event_Log_%28EVT%29 Forensics Wiki: Windows Event Log (EVT)]
+* [{{ForensicsWikiURL|windows_event_log_%28evt%29}} Forensics Wiki: Windows Event Log (EVT)]
 * [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP]
@@ Line 17: / Line 17: @@
 These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.
-* [http://www.forensicswiki.org/wiki/Windows_XML_Event_Log_%28EVTX%29 Forensics Wiki: Windows XML Event Log (EVTX)]
+* [{{ForensicsWikiURL|windows_xml_event_log_%28evtx%29}} Forensics Wiki: Windows XML Event Log (EVTX)]
 * [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)]
 * [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)]

← Older revision		Revision as of 20:54, 29 March 2017
Line 23:		Line 23:
	== Links ==		== Links ==
	* [[Wikipedia:Event Viewer\|Wikipedia: Event Viewer]]		* [[Wikipedia:Event Viewer\|Wikipedia: Event Viewer]]
		+
		+	[[Category:Microsoft]]
		+	[[Category:Windows]]

@@ Line 15: / Line 15: @@
 == Vista, Windows 2008, and Windows 7 ==
-These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all.
+These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.
 * [http://www.forensicswiki.org/wiki/Windows_XML_Event_Log_%28EVTX%29 Forensics Wiki: Windows XML Event Log (EVTX)]

@@ Line 3: / Line 3: @@
 |subcat=System files
 |extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}}
 }}
 The [[Windows Event Log]] tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security.