{"id":553,"date":"2022-08-12T18:51:14","date_gmt":"2022-08-12T18:51:14","guid":{"rendered":"https:\/\/eventlogxp.com\/blog\/?p=553"},"modified":"2022-08-12T19:11:55","modified_gmt":"2022-08-12T19:11:55","slug":"event-log-explorer-forensic-edition-snapshots","status":"publish","type":"post","link":"https:\/\/eventlogxp.com\/blog\/event-log-explorer-forensic-edition-snapshots\/","title":{"rendered":"Event Log Explorer Forensic Edition \u2013 Snapshots"},"content":{"rendered":"

Taking snapshots is one of the great new features in the Forensic Edition. Whenever you need to save a set of events for future analysis, you can take a snapshot and then load it without access to the original log or log file. Snapshots are like event log backups, but there are some differences.<\/p>\n

While backups work with the entire event log (or in some cases with event logs, filtered by an XML query), you can take a snapshot from a log view or even from separate events. Backing up from remote computers could be painful because it\u2019s linked with extra administration tasks like sharing resources and granting permissions. Unlike backups, you can take snapshots much easy. It\u2019s just like event export, but you can load the snapshot and work with it as you work with an event log file. Also, you can optionally save the current time zone and custom fields into the snapshot. Note that the snapshots contain the rendered descriptions and task category name. You don\u2019t need to have specific components (dll or exe files) on your computer to display the text correctly.<\/p>\n

Some situations when snapshots may help you:<\/p>\n