Blank page – Windows event log analysis software, view and monitor system, application and security event logs

9 Vendors of Digital Forensics You May Have Missed. Part 2

In the previous post we talked about 010 Editor, Event Log Explorer, ElcomSoft and Oxygen forensic solutions. In this blog post, we continue the brief review of prominent forensic tools. Next on our list is Belkasoft. Belkasoft Evidence Center 2016 Belkasoft Evidence Center is an all-around forensic solution to pinpoint, extract and review digital evidence stored on desktop computers, laptops and mobile devices. The Belkasoft product… Read More »

Event Log Explorer Forensic Edition Preview

Several days ago, we published a preview of the new edition of Event Log Explorer software – Forensic Edition! Here I will show what benefits you can get from this edition. First, I should say that currently it is fully compatible with the standard edition of Event Log Explorer – it uses the same workspace, the same settings and currently the same registration key. By… Read More »

9 Vendors of Digital Forensics You May Have Missed. Part 1

Looking for a solid solution to unravel computer-stored evidence? Need a deeper insight into what’s happening on your PC or a suspect’s device, looking to restore or crack an essential password? Check out this brief review of unheralded yet powerful forensic tools. The most common definition of computer forensics is the procedure of detecting and analyzing evidence collected from digital media, i.e. hard drives, portable… Read More »

Exporting event logs with Windows PowerShell

Do you need to automate error reporting based on recent events and don’t want to use third-party tools? This article describes how to collect events from different sources and unite them in one document using standard Windows instruments only. Recently I described how to export events into Excel format using our Event Log Explorer software. However, in some cases, using third-party software can be impossible.… Read More »

Case study – generating regular reports about the problems in your Windows network

Recently one of our clients asked us about the best way to organize a passive monitoring of their servers. The client told us that they don’t need to monitor the servers actively, but they want to have weekly reports about the problems. They tried to gather events using Windows PowerShell and export them to CSV format (to view events in Excel), but finally they gave… Read More »

Troubleshooting knowledge base

Some of us have dealt with the frustration of dealing with a problem we know we’ve experienced before, but didn’t register it properly. The outcome? We do it all over again, and basically, waste time and past effort. A good record of an analysis and key events can save a lot of time. Most of the internal knowledge bases used by companies, small and large,… Read More »

Forensics and Benford’s Law

As a producer of digital forensic software, we are regularly learning more about forensic methods and tasks. Recently I came across a curious article (and video) in Business Insider called “How forensic accountants use Benford’s Law to detect fraud” The video states that forensic guys can use Benford’s Law to analyze financial data and identify red flags. This sounds interesting because it is too easy to… Read More »

Troubleshooting philosophy – Windows event log error analysis

There are different circumstances that lead to an event log analysis. One of the most common is the reactive Windows error log search, “reactive” because it is done in reaction to a problem, “error log” because what we are looking for error events that will help us identify the origin of the problem. When searching the error log entries (error events in Application and System logs), it… Read More »

Once again about custom columns – extracting details from Application or System event logs

In my article “Exploring who logged on the system“, I described how to add to the event list custom columns that display data from the event description. Probably you might think that adding custom columns works for Security event logs only. Although we initially designed Custom columns feature exactly for Security logs (and referred them by name, e.g. Subject\Account name), we made it possible to use… Read More »

Advanced filtering. How to filter events by event description

A key instrument for event logs analysis is the function of event filtering. All known event log analysis tools have filtering feature, and I suppose, it is the most demanded feature of these applications. Setting filter for the most of event fields is easy. As a rule, all the event log applications let you filter by timeframe, event level, source, event IDs, users or computers… Read More »