andreafortuna.org
#Windows #Security #Event #Logs: my own #cheatsheet
During a #forensic investigation, Windows Event Logs are the primary source of evidence. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered #artifacts, but a deep knowledge of event IDs is mandatory.