As a PC user, diagnosing performance issues, blue screens, and weird behavior comes with the territory. Windows is often the culprit behind many of these problems, but it also has a built-in ...

Continued use of Windows will generate a large number of log files, but how can one easily monitor these files without having to go through a series of mouse clicks? Well, recently, we’ve been testing ...

The log-on/log-off category of the Windows security log gives you the ability to monitor all attempts to access the local computer. In this article I’ll examine each log-on type in greater detail and ...

Finding ransomware traces in Event Logs The investigation strategy proposed by JPCERT/CC covers four types of Windows Event Logs: Application, Security, System, and Setup logs. These logs often ...

Event 4688 documents each program a computer executes, its identifying data, and the process that started it. Several event 4688s occur on your system when you log into a system. For example, Session ...

I'm writing a Windows app in unmanaged C++ and want to log some simple events to the Application log. I'm normally a *nix guy and am used to being able to just call syslog() (or asl(3) on Mac OS X). I ...

If you want to enable or disable Protected Event Logging in Windows 11 and Windows 10, this step-by-step guide helps you go through the process. However, you must include an Encryption certificate if ...

When an unexpected problem occurs in a Windows environment, the first step in resolving that problem is usually to gather information. After all, you need to know what happened before you can fix it.

SIEM and SOAR allow enterprises to collect and correlate log event data but may not be the ideal choice for every organization. Microsoft’s Windows Event Forwarding aggregates system event logs from ...

Microsoft has released Sysmon 12, and it comes with a useful feature that logs and captures any data added to the Windows Clipboard. This feature can help system administrators and incident responders ...