All operating systems are employing some sort of logging mechanism to track and note users activities and Microsoft Windows is not an exception. Log Analysis is one of the important parts of Windows forensics process. The Windows event log system introducing in Windows NT was released with a new feature for Microsoft Windows family and since then went through several major changes and updates. The event log experienced major updated in Windows 8. This paper first introduces Windows 8 event log format and then proceeds with explaining methods for analyzing the logs for digital investigation and incident handling. The main contributions of this paper are introducing Windows8 logging service and forensic examination of it.
CITATION STYLE
Talebi, J., Dehghantanha, A., & Mahmoud, R. (2015). Introducing and analysis of the Windows 8 event log for forensic purposes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8915, pp. 145–162). Springer Verlag. https://doi.org/10.1007/978-3-319-20125-2_13
Mendeley helps you to discover research relevant for your work.