Windows Event Log
From Just Solve the File Format Problem
Revision as of 16:03, 25 October 2013 (edit by Dan Tobias)
The Windows Event Log records events that happen on a Windows system for diagnostic and audit use. Its on-disk format, and the built-in Windows utilities used to read it, have varied between Windows versions. There are generally three logs: Application, System and Security. The Security log holds audit events such as logons and privilege use, which makes it the one of most interest in incident response.
Windows 2000, XP and 2003
These systems use the legacy binary .evt format; the files are usually found in the C:\Windows\system32\config directory as AppEvent.Evt, SysEvent.Evt and SecEvent.Evt. Each file starts with a 48-byte header carrying the "LfLe" signature at offset 4, followed by variable-length records that repeat that signature, and ends with a 40-byte end-of-file record that mirrors the header's record offsets and counters.
Vista, Windows 2008, and Windows 7
These systems switched to the Windows XML Event Log (EVTX) format, a binary format that stores records as a binary encoding of XML; the file starts with an "ElfFile" signature and is divided into 64 KiB chunks that each start with "ElfChnk". The files carry the .evtx extension and live in C:\Windows\System32\winevt\Logs (for example Application.evtx, System.evtx and Security.evtx), not in system32\config. The .log, .log1 and .log2 files found in C:\Windows\system32\config next to extensionless files such as SYSTEM and SOFTWARE are registry hive transaction logs, not event logs. Attempting to open either kind of file in a general file-viewer program on a running system seems to hang Windows Explorer; the live files are held open by the system, so work from an offline image or an exported copy instead.
* [http://www.forensicswiki.org/wiki/Windows_XML_Event_Log_%28EVTX%29 Forensics Wiki: Windows XML Event Log (EVTX)]
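As an added example (not code from the wiki page or from the Forensics Wiki), the following Python parses the legacy .evt layout described in the Windows 2000/XP/2003 section and distinguishes it from a Vista-era .evtx file by signature. The two-record log it reads is constructed inline (event IDs 528 and 529 are the XP-era successful-logon and bad-password audit events, and the machine name and strings are made up); the field layout follows the public EVENTLOGHEADER/EVENTLOGRECORD/ELF_EOF_RECORD structures, and the header-versus-EOF consistency and dirty/wrapped flag checks are the kind of sanity test a forensic examiner runs before trusting a log.

```python
"""Added example (not from the wiki page): parse the legacy Windows 2000/XP/2003
.evt format and tell it apart from the Vista+ .evtx format by signature.
The sample log bytes are constructed inline; no real log file is needed."""
import struct
from datetime import datetime, timezone

EVT_MAGIC = b"LfLe"             # at offset 4 of the .evt header and of every record
EVTX_MAGIC = b"ElfFile\x00"     # at offset 0 of an .evtx file
EVT_HEADER_FMT = "<I4s10I"      # 48-byte ELF_LOGFILE_HEADER
EVT_RECORD_FMT = "<I4s4I4H6I"   # 56-byte fixed part of EVENTLOGRECORD
EVT_EOF_FMT = "<10I"            # 40-byte ELF_EOF_RECORD
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information",
               8: "Audit Success", 16: "Audit Failure"}


def sniff(data: bytes) -> str:
    """Identify an event log file by its fixed signatures (evtx, evt or unknown)."""
    if data[:8] == EVTX_MAGIC:
        return "evtx"
    if len(data) >= 48 and data[4:8] == EVT_MAGIC and data[:4] == b"\x30\x00\x00\x00":
        return "evt"
    return "unknown"


def read_utf16z(buf: bytes, pos: int):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after it)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        end += 2
        if end >= len(buf):
            raise ValueError("unterminated UTF-16 string")
    return buf[pos:end].decode("utf-16-le"), end + 2


def parse_evt(data: bytes) -> dict:
    """Walk header -> records -> EOF record and check that they agree."""
    (hsize, sig, _major, _minor, start, end, cur_rec, oldest, _max_size,
     flags, _retention, hsize_end) = struct.unpack_from(EVT_HEADER_FMT, data, 0)
    if hsize != 0x30 or hsize_end != 0x30 or sig != EVT_MAGIC:
        raise ValueError("not an .evt file")
    records, off = [], start
    while data[off + 4:off + 8] == EVT_MAGIC:          # the EOF record has no "LfLe"
        (length, _, recnum, t_gen, _t_written, event_id, ev_type, nstrings,
         category, _, _, str_off, _sid_len, _sid_off, _data_len, _data_off
         ) = struct.unpack_from(EVT_RECORD_FMT, data, off)
        rec = data[off:off + length]
        # every record carries its length at both ends; a mismatch means corruption
        if length < 56 or len(rec) < length or struct.unpack_from("<I", rec, length - 4)[0] != length:
            raise ValueError(f"record at {off:#x}: leading/trailing length mismatch")
        source, pos = read_utf16z(rec, 56)              # SourceName follows the fixed part
        computer, _ = read_utf16z(rec, pos)             # then Computername
        strings, pos = [], str_off                      # StringOffset is record-relative
        for _ in range(nstrings):
            s, pos = read_utf16z(rec, pos)
            strings.append(s)
        records.append({
            "record_number": recnum,
            "time_generated": datetime.fromtimestamp(t_gen, timezone.utc).isoformat(),
            "event_id": event_id & 0xFFFF,              # low word is the event code (e.g. 528)
            "event_type": EVENT_TYPES.get(ev_type, f"unknown({ev_type})"),
            "category": category, "source": source, "computer": computer,
            "strings": strings,
        })
        off += length
    eof = struct.unpack_from(EVT_EOF_FMT, data, off)
    if eof[0] != 0x28 or eof[1:5] != (0x11111111, 0x22222222, 0x33333333, 0x44444444):
        raise ValueError(f"no EOF record at {off:#x}")
    return {
        "records": records,
        "dirty": bool(flags & 0x1),                     # log was not closed cleanly
        "wrapped": bool(flags & 0x2),                   # records wrapped past end of file
        # EOF record repeats start/end offsets and record counters; they must match
        "consistent": (start, end, cur_rec, oldest) == eof[5:9] and off == end,
    }


def build_evt_record(recnum, ts, event_id, ev_type, source, computer, strings) -> bytes:
    """Constructed EVENTLOGRECORD (no SID, no binary data) for the sample below."""
    names = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in (source, computer))
    descr = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    length = 56 + len(names) + len(descr) + 4
    pad = (-length) % 4                                 # records are DWORD-aligned
    length += pad
    fixed = struct.pack(EVT_RECORD_FMT, length, EVT_MAGIC, recnum, ts, ts, event_id,
                        ev_type, len(strings), 0, 0, 0, 56 + len(names), 0, 0, 0, 0)
    return fixed + names + descr + b"\x00" * pad + struct.pack("<I", length)


def build_sample_evt() -> bytes:
    """Constructed two-record SecEvent.Evt-style log: XP event 528 (logon), 529 (bad password)."""
    recs = [build_evt_record(1, 1382716800, 528, 8, "Security", "WKSTN01",
                             ["Administrator", "WKSTN01", "(0x0,0x3E7)", "2"]),
            build_evt_record(2, 1382716860, 529, 16, "Security", "WKSTN01",
                             ["guest", "WKSTN01", "2"])]
    body = b"".join(recs)
    start, end = 48, 48 + len(body)                     # oldest record / EOF record offsets
    header = struct.pack(EVT_HEADER_FMT, 0x30, EVT_MAGIC, 1, 1, start, end, 3, 1,
                         0x80000, 0, 0, 0x30)
    eof = struct.pack(EVT_EOF_FMT, 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      start, end, 3, 1, 0x28)
    return header + body + eof


if __name__ == "__main__":
    for r in parse_evt(build_sample_evt())["records"]:
        print(r["time_generated"], r["event_id"], r["event_type"], r["strings"][0])
```

The .evtx path is only identified here, not decoded: its header block is 4 KiB, each 64 KiB chunk carries its own CRC32 checksums and a template-based binary XML stream, and a wrapped or dirty EVTX file needs chunk-level recovery; the Forensics Wiki page linked above documents that layout.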