[logs] Looking at windows logs

Harlan Carvey keydet89 at yahoo.com
Thu May 29 12:16:22 PDT 2008 

James,

Avoid all of these issues all together...this is actually a pretty easy fix.

http://windowsir.blogspot.com/2008/03/event-log-analysis.html

or

http://www.eventlogxp.com/



------------------------------------------
Harlan Carvey
"Windows Forensic Analysis"
http://windowsir.blogspot.com
------------------------------------------


--- On Thu, 5/29/08, James B Horwath <Jim_Horwath at glic.com> wrote:

> From: James B Horwath <Jim_Horwath at glic.com>
> Subject: [logs] Looking at windows logs
> To: loganalysis at loganalysis.org, loganalysis-bounces at loganalysis.org
> Date: Thursday, May 29, 2008, 8:42 AM
> I hope somebody can help me.   I have a windows EVT file
> from a system 
> that I want to view on another computer (which is a windows
> XP laptop). I 
> booted the laptop with Linux (backtrack) and tried to
> remove the old 
> security.evt file and replace it with mine.  Even with the
> windows drive 
> mounted with "rw" I could manipulate any of the
> files or permissions.  I 
> kept receiving a message "read-only" media.
> 
> I thought maybe I could use the eventquery.vbs file from
> the command line 
> using the /L switch  to dump the logs, this did not work.
> It appears only 
> the windows categories are readable.  I have a licensed
> copy of Adiscon 
> eventviewer and a copy of lasso. 
> 
> Can anyone offer any suggestions on how to extract this
> data?
> 
> Thanks in advance.
> Jim
> 
>  
> 
> 
> -----------------------------------------
> This message, and any attachments to it, may contain
> information
> that is privileged, confidential, and exempt from
> disclosure under
> applicable law.  If the reader of this message is not the
> intended
> recipient, you are notified that any use, dissemination,
> distribution, copying, or communication of this message is
> strictly
> prohibited.  If you have received this message in error,
> please
> notify the sender immediately by return e-mail and delete
> the
> message and any attachments.  Thank
> you._______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis

More information about the LogAnalysis mailing list