- In this video, I'll talk about Windows logs. All versions of Windows support logging. Here's an idea of some of the logs that are particularly important to a forensic investigator. There's the security log. This captures successful and unsuccessful login events. There's also the application log. This has events logged by applications and programs. The system log contains events that were logged by Windows system components. Let's take a look at how to locate the logs in Windows.
First, we need to open up the Control Panel. There's a couple of ways to open the Control Panel. I'm going to go from the Start menu and type in Control Panel. From here, you'll want to select System and Security. At the bottom of this window, select Administrative Tools. Here, you'll see the Event Viewer. The Event Viewer shows Windows logs from your system. If you click on the Action button, you also have the option to connect to another computer, to check those Windows logs.
Let's check out a specific Windows log. First, to the far left,…
Released 12/16/2015

This course covers the basics of computer forensics and cyber crime investigation. Author Sandra Toner provides an overview of forensic science, and discusses best practices in the field and the frameworks professionals use to conduct investigations. Then, after showing how to set up a simple lab, Sandra describes how to respond to a cyber incident without disturbing the crime scene. She dives deep into evidence collection and recovery, explaining the differences between collecting evidence from Windows, Mac, and Linux machines. The course wraps up with a look at some of the more commonly used computer forensics software tools.
- Applying science to digital investigations
- Understanding forensic frameworks
- Defining cyber crime: harassment, hacking, and identity theft
- Setting up a forensic lab
- Responding to cyber incidents
- Collecting and recovering evidence
- Examining networks for evidence
- Applying forensics to Windows, Mac, and Linux
- Working with forensics tools
Skill Level Beginner
Introduction
- Welcome (33s)

1. Understanding Forensic Science
- Identifying digital evidence (2m 20s)

2. Defining Cyber Crime
- Classifying cyber crime (1m 52s)
- Defining identity theft (3m 35s)
- Examining cyber harassment (4m 28s)

3. Setting Up a Forensic Lab
- Building a knowledgebase (2m 43s)
- Working with evidence (1m 28s)
- Equipping the lab (1m 23s)
- Selecting forensic software (2m 50s)

4. Responding to a Cyber Incident
- Discovering an incident (2m 59s)
- Preserving evidence (2m 9s)
- Reporting cyber incidents (4m 28s)

5. Collecting Evidence
- Following protocol (2m 25s)
- Storing evidence (2m 28s)
- Imaging evidence (1m 59s)

6. Recovering Evidence
- Finding hidden data (4m 44s)
- Resurrecting data (2m 36s)
- Working with damaged media (2m 39s)
- Viewing browser history (2m 11s)

7. Network-Based Evidence
- Checking out firewall logs (1m 17s)
- Detecting network intrusion (2m 10s)
- Examining router evidence (1m 42s)

8. Windows Forensics
- Finding Windows directories (1m 54s)

9. Macintosh Forensics
- Applying forensics to a Mac (3m 17s)
- Checking out Mac logs (2m 2s)
- Finding Mac directories (1m 40s)

10. Linux Forensics
- Checking out Linux log files (3m 40s)
- Finding Linux directories (2m 28s)

11. Forensic Tools

Conclusion
Video: Checking the Windows audit log