- Learning Network Forensics
- Samir Datt
- 376字
- 2021-07-16 12:58:53
Collecting network logs
All machines on your network are not likely to be Linux; therefore, to keep a balance of things, we will use Windows as an example for this exercise.
To start Event Viewer, click on the start button and write Event Viewer, as shown in the following screenshot:
The Event Viewer will open up as shown in the following screenshot:
Event Viewer stores consists of the following components:
- Custom Views
- Windows Logs
- Applications and Services Logs
The different views stores are as follows:
- Custom Views:
- Administrative Events: This contains the Critical, Error, and Warning events from all administrative logs, as shown in the following screenshot:
- Location Activity: As the name suggests, this contains the location activity, as shown in the following screenshot:
- Administrative Events: This contains the Critical, Error, and Warning events from all administrative logs, as shown in the following screenshot:
- Windows Logs: Windows log stores events from legacy applications and events that apply to the entire system:
- Application: The Application log stores events logged by the applications or programs. For example, a database progmemory might record a file error in the application log. The developers of the progmemory module decide which events to log, as shown in the following screenshot:
- Security: The Security log stores events such as valid and invalid log on attempts as well as events related to resource use, such as creating, opening, or deleting files or other objects. Administrators can specify which events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log, as shown in the following screenshot:
- Setup: The Setup log stores events related to application set up, as shown in the following screenshot:
- System: The System log stores events logged by the Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the System log. The event types logged by system components are predetermined by Windows, as shown in the following screenshot:
- Forwarded Events: The Forwarded Events logs store events collected from remote computers, as shown in the following screenshot:
- Application: The Application log stores events logged by the applications or programs. For example, a database progmemory might record a file error in the application log. The developers of the progmemory module decide which events to log, as shown in the following screenshot:
- Application and Services Logs: These logs store events from a single application or component rather than events that might have system-wide impact:
- Broadband Wireless LAN:
- Hardware Events:
- Internet Explorer:
- Key Management Services:
- Media Center:
- Windows event logs:
- Broadband Wireless LAN:
推薦閱讀
- Google Flutter Mobile Development Quick Start Guide
- 程序設計與實踐(VB.NET)
- Hands-On Machine Learning with scikit:learn and Scientific Python Toolkits
- R語言游戲數據分析與挖掘
- Apache Hive Essentials
- Python進階編程:編寫更高效、優雅的Python代碼
- 云原生Spring實戰
- C++ 從入門到項目實踐(超值版)
- Flux Architecture
- HTML5從入門到精通 (第2版)
- 智能手機APP UI設計與應用任務教程
- Qt5 C++ GUI Programming Cookbook
- Mastering AWS Security
- OpenCV Android開發實戰
- R語言實戰(第2版)