Event Log Database Exporter

One of the great features in Event Log Explorer 4.7 is a command line utility to export event logs to the database (eldbx.exe). Using this utility, you can make a centralized storage of events for better forensic investigations and improve system and security management on your network. In the previous article I described how to export events into the database directly from Event Log Explorer… Read More »

Using Event Log Explorer to access database events

Event Log Explorer 4.7 comes with new features to save events into SQL server database and load database events. Saving events into a database gives you many advantages. You can consider event database as an event log backup. You can collect data from different computers in your network into one database and then use any reporting or analytical tools to create your own reports or… Read More »

The fastest way to filter events by description

Filtering events by description is one of the most asked questions to us. Some time ago I wrote an article devoted to this problem. Recently we had to check all events in the security log linked with a certain file (let’s say, it’s winword.exe, C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE). The easiest solution was to use Filter command and type file name in the “Text in description”… Read More »

Troubleshooting unplanned Windows automatic wake-ups

Whenever I finish working with my computer, I almost never power it off. Instead I send the computer into sleep or hibernate state. This saves lots of time at startup – I can easily continue working without reloading all the projects. However I discovered that recently my Windows 10 laptop started to wake up unexpectedly.  Such unplanned wake-ups can damage computers, e.g. if a laptop left… Read More »

Access event logs from Windows recovery mode

Sometimes this happens. Your computer stops booting correctly and needs to be fixed. Even safe mode doesn’t help. You don’t know the reason of the fault – it may be a hardware failure or a driver bug, but you don’t want to reinstall the operating system. There is a good chance that Windows logs may contain some useful information for troubleshooting. However, you cannot boot… Read More »

Filtering all the way

You probably read in the documentation that Event Log Explorer provides 5 ways to filter events. In this article, I will try to explain when you should use one or the other way of filtering. First, we can arrange filters on applying time: Pre-load filter. This filter applies to the event log before loading. Only the required events will be loaded. On-load filter. This filter… Read More »

Saving event logs to one event log file

When working with event logs, you may find that you have dozens of saved event log files, which you need to review sometimes. And it’s annoying to open each log to check it. Of course, you can open all these files at once (“Open log file” dialog lets you open multiple files) or you can just drag your files from Windows Explorer into Event Log… Read More »

Process tracking with Event Log Explorer

When performing forensic analysis or system audit activities, you may want to track what programs ran on the investigated computers. Windows security auditing lets you enable process tracking and monitor process creation and process termination. To enable process auditing you should use Group Policy Editor (gpedit.msc) or Local Security Policy (secpol.msc). You should configure Security Settings -> Audit Policy -> Audit Process Tracking or use… Read More »

Automating event log backup

Recently we received a question from our customer who asked about regular backing up of system and application event logs. He wanted to backup only local logs, but let’s extend the task for remote logs as well. So our task is to backup System and Application event logs from a local computer and remote machine (SERV1) into a folder two times a week. Let’s try… Read More »

Tracking down who removed files

Let’s assume you have a shared folder on a server which is accessible by all employees in your company. The users commonly copy some documents into this folder to let the others to work with these shared documents. One day you discover that some files unexpectedly disappeared from the shared folder. Usually this means that someone deleted these files (consciously or unconsciously). Now we need to… Read More »