Windows Event Log
From Just Solve the File Format Problem
(Difference between revisions)
(Updating Forensics Wiki links) |
m (Add Kaitai Struct schema) |
||
| Line 3: | Line 3: | ||
|subcat=System files | |subcat=System files | ||
|extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}} | |extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}} | ||
| + | |kaitai struct=windows_evt_log | ||
}} | }} | ||
The [[Windows Event Log]] tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security. | The [[Windows Event Log]] tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security. | ||
Latest revision as of 17:51, 26 December 2024
The Windows Event Log tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security.
[edit] Windows 2000, XP and 2003
These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory.
- Forensics Wiki: Windows Event Log (EVT)
- How to view and manage event logs in Event Viewer in Windows XP
[edit] Vista, Windows 2008, and Windows 7
These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.
