Event Log Explorer Goes 64-bit: Unlocking the Power of Large-Scale Event Analysis

We’re excited to announce the release of a new beta version of Event Log Explorer Forensic Edition (5.6), featuring a game-changing update: native 64-bit support! This upgrade significantly enhances Event Log Explorer’s capabilities, especially for users working with large event log datasets. Here’s why. Breaking the Memory Barrier: While Event Log Explorer efficiently loads event logs into a temporary local database, it still requires memory… Read More »

Extra power of custom columns

Approximately 10 years ago, we introduced custom columns in Event Log Explorer. This feature allows users to extract event details from the event description or event XML. Custom columns have significantly enhanced our customers’ ability to get more information from events, and we have continuously improved it across different versions. Previously, Event Log Explorer treated custom column values as text, which sometimes was insufficient for… Read More »

Scripting in Event Log Explorer

Starting from version 5.1, Event Log Explorer comes with scripting support (scripting is implemented in the forensic and enterprise editions). Scripts help you automate many routine tasks and improve your performance. Scripting lets you open logs, set filters, scan event views, remove specific events from a log view, export events and much more. The scripting language we use in Event Log Explorer is PascalScript… Read More »

Event Log Explorer Forensic Edition – working with damaged logs or disks

In this article, I will show how to work with damaged event log files. Event Log Explorer Forensic Edition can extract events from damaged files. Let’s take a log file (e.g. a security log file) and open it with Event Log Explorer using File -> Open Log File. Event Log Explorer opens this file as it always does. Now we will intentionally corrupt this log. I… Read More »

Files in Event Log Explorer Forensic Edition. Searching for removed events

Although the Standard Edition of Event Log Explorer works with event log files perfectly, you may need more functionality when analyzing damaged or intentionally modified event log files. I’m starting a series of articles about the advanced use of Event Log Explorer Forensic Edition with files. Let’s imagine that you examine an event log with removed events. If you believe that it’s impossible to remove events… Read More »

Event Log Explorer Forensic Edition

Recently we released a new edition of Event Log Explorer – Forensic Edition. Currently it has a beta version status – the final release will appear after we complete the documentation and add extra forensic features. Here I will describe the difference between the standard and forensic editions. The program keeps all features of the Standard Edition, and you commonly don’t need to use the… Read More »

Setting up Windows to read events from remote computers over a local network.

Reading event logs from remote computers is crucial for network auditing. Both Event Log Explorer and Windows Event Viewer allow system administrators to read event logs remotely. However, sometimes (mainly in environments without Active Directory) sysadmins have problems accessing remote event logs. In this article, I’ll explain how to set up Windows to make event logs accessible over a network. As a rule,… Read More »