Windows Event Log
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) (→Vista, Windows 2008, and Windows 7) |
(Updating Forensics Wiki links) |
(3 intermediate revisions by 2 users not shown) | |||
Line 10: | Line 10: | ||
These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory. | These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory. | ||
− | * [ | + | * [{{ForensicsWikiURL|windows_event_log_%28evt%29}} Forensics Wiki: Windows Event Log (EVT)] |
* [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP] | * [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP] | ||
== Vista, Windows 2008, and Windows 7 == | == Vista, Windows 2008, and Windows 7 == | ||
− | These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. | + | These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer. |
− | * [ | + | * [{{ForensicsWikiURL|windows_xml_event_log_%28evtx%29}} Forensics Wiki: Windows XML Event Log (EVTX)] |
* [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)] | * [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)] | ||
* [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)] | * [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)] | ||
Line 23: | Line 23: | ||
== Links == | == Links == | ||
* [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]] | * [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]] | ||
+ | |||
+ | [[Category:Microsoft]] | ||
+ | [[Category:Windows]] |
Latest revision as of 14:48, 4 September 2023
The Windows Event Log tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, have varied between Windows versions. Generally there are three different logs: Application, System, and Security.
Windows 2000, XP and 2003
These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory.
- Forensics Wiki: Windows Event Log (EVT)
- How to view and manage event logs in Event Viewer in Windows XP
Vista, Windows 2008, and Windows 7
These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.