Conference papers

Windows Event Forensic Process

Abstract: Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Document type: Conference papers

Cited literature: 12 references
Contributor: Hal Ifip
Submitted on: Tuesday, November 8, 2016 - 10:47:26 AM
Last modification on: Thursday, March 5, 2020 - 4:46:28 PM
Long-term archiving on: Tuesday, March 14, 2017 - 10:37:37 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩. ⟨hal-01393763⟩


