![\"\"](\"http:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2022\/04\/ImagedComputer.png\")
<\/a><\/p>\nYou may think that Event Log Explorer just opens files from \\Windows\\System32\\winevt\\Logs\\, but it does much more. When you just open a foreign even log file, you can often see the description rendering issues (The description for Event ID (Event) from source (Source) cannot be found). These issues occur because the event log file doesn\u2019t contain the description messages. Even descriptions are rendered based on the installed components, and if the required component is missing, you will see the \u201cdescription not found\u201d message.<\/p>\n
Event Log Explorer tries to emulate the live system. It reads the registry files (\\Windows\\System32\\config\\SOFTWARE and \\Windows\\System32\\config\\SYSTEM), builds a log tree, detects the location of the required description components, and then reads log files and renders descriptions messages. From the user\u2019s point of view, you are just working with the local event logs.<\/p>\n
Download Event Log Explorer Forensic Edition<\/a> to work with disk images the same way as you work with the live computers!<\/p>\n Now I will explain how Event Log Explorer works with disk images. If you have a disk image from an examined computer, you should mount it as a disk. If you have a real disk, you can just connect it to your PC. Let\u2019s consider that you already mounted a disk that contains Windows folder of the examined PC. Now you can create a virtual\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":528,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[40,7],"tags":[51,79,49],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts\/524"}],"collection":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/comments?post=524"}],"version-history":[{"count":1,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts\/524\/revisions"}],"predecessor-version":[{"id":529,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts\/524\/revisions\/529"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/media\/528"}],"wp:attachment":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/media?parent=524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/categories?post=524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/tags?post=524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/a><\/a><\/a><\/a><\/a><\/a>","protected":false},"excerpt":{"rendered":"