During a forensic investigation, Windows Event Logs are the primary source of evidence.Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of events IDs is mandatory. According to the version of Windows installed on the system under investigation, the number…
Article Link: https://www.andreafortuna.org/2019/06/12/windows-security-event-logs-my-own-cheatsheet/