Tag Archives: digital forensics

Event Log Explorer Goes 64-bit: Unlocking the Power of Large-Scale Event Analysis

We’re excited to announce the release of a new beta version of Event Log Explorer Forensic Edition (5.6), featuring a game-changing update: native 64-bit support! This upgrade significantly enhances Event Log Explorer’s capabilities, especially for users working with large event log datasets. Here’s why: Breaking the Memory Barrier While Event Log Explorer efficiently loads event logs into a temporary local database, it still requires memory…

Event Log Explorer Forensic Edition – working with damaged logs or disks

In this article, I will show how to work with damaged event log files. Event Log Explorer Forensic Edition can extract events from damaged files. Let’s take a log file (e.g. a security log file) and open it with Event Log Explorer using File -> Open Log File. Event Log Explorer opens this file as it always does. Now we will intentionally corrupt this log. I…

Files in Event Log Explorer Forensic Edition. Searching for removed events

Although the Standard Edition of Event Log Explorer works with event log files perfectly, you may need more functionality when analyzing damaged or intentionally modified event log files. I’m starting a series of articles about the advanced use of Event Log Explorer Forensic Edition with files. Let’s imagine that you examine an event log with removed events. If you believe that it’s impossible to remove events…

Event Log Explorer Forensic Edition

We recently released a new edition of Event Log Explorer: the Forensic Edition. It currently has beta status; the final release will appear after we complete the documentation and add extra forensic features. Here I will describe the difference between the standard and forensic editions. The program keeps all features of the Standard Edition, and you commonly don’t need to use the…

Process tracking with Event Log Explorer

When performing forensic analysis or system audit activities, you may want to track what programs ran on the investigated computers. Windows security auditing lets you enable process tracking and monitor process creation and process termination. To enable process auditing you should use Group Policy Editor (gpedit.msc) or Local Security Policy (secpol.msc). You should configure Security Settings -> Audit Policy -> Audit Process Tracking or use…

Tracking down who removed files

Let’s assume you have a shared folder on a server that is accessible to all employees in your company. Users commonly copy documents into this folder to let others work with them. One day you discover that some files have unexpectedly disappeared from the shared folder. Usually this means that someone deleted these files (consciously or unconsciously). Now we need to…

9 Vendors of Digital Forensics You May Have Missed. Part 2

In the previous post we talked about 010 Editor, Event Log Explorer, ElcomSoft and Oxygen forensic solutions. In this blog post, we continue the brief review of prominent forensic tools. Next on our list is Belkasoft. Belkasoft Evidence Center 2016 Belkasoft Evidence Center is an all-around forensic solution to pinpoint, extract and review digital evidence stored on desktop computers, laptops and mobile devices. The Belkasoft product…