Event Log Explorer™ for forensic investigators
Researching event logs is one of the key challenges for forensic computer examiners. Event Log Explorer simplifies and improves the process of event log analysis. According to our customers' feedback, Event Log Explorer helps to complete event log tasks two (and even more) times faster than the standard Windows Event Viewer.
This great productivity is the result of the powerful features of Event Log Explorer:
Event log consolidation
You can analyze events from several sources (event logs, files) at one time. Event Log Explorer lets you consolidate different event logs into one single view.
This feature is crucial for timeline analysis.
Extremely powerful filters
Event Log Explorer provides 5 (five) ways to filter events by virtually any criteria, from simple quick filters (filter by a selected template) to complex filters that refine linked events (e.g. startup/shutdown, logon/logoff).
Direct access to files
Event Log Explorer can access EVT and EVTX files directly (without the Windows API). This allows you to read damaged event logs, or to read EVTX files if you use Windows XP for some reason.
Event Log Explorer makes it possible to display event description details (e.g. user name, file name etc.) as a general column in the event list. Therefore, this feature eliminates the need for keeping track of all event descriptions and makes Event Log Explorer a great time saver.
To integrate event analysis with other forensic tasks (e.g. timeline analysis), you can export events. Event Log Explorer lets you export events to different formats such as HTML, Microsoft Excel or text file. You can export all the events in the view or just the selected ones, with or without descriptions and custom columns.
Detached description source
During forensic analysis, you commonly work with event log files, and your computer may lack text descriptions of the events you research. Event Log Explorer lets you get event descriptions from another machine.
Event Log Explorer lists your event logs and event log files in the tree. It lets you immediately open the required event log with just a click.
Similarly to the export feature, you can print events when you need to create a printout of the events. Event Log Explorer will automatically choose the best page layout depending on the number of columns you print.
During an investigation you may face event logs taken from different time zones. The time correction feature lets you correct time and virtually move to any time zone in the world.
This partial list of features makes Event Log Explorer indispensable for forensic investigators.