Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats. The tool is designed to assist in the first-response ...
The default Event Log Viewer in Windows 11/10 is very effective at what it sets out to do but doesn’t do everything one might need from such a tool. And that’s fine because the basis is what most ...
This article dives into the happens-before ...
XDA Developers on MSN
Custom Windows Event Viewer log notifications upped my debugging game
This is perfect for network administrators managing remote systems. For less critical stuff, like an app crash (ID 1001), you ...
Windows Event Viewer is a way to see all the logged events. However, if you see missing events in the event log, you may miss some important data. Logs are useful when trying to figure out if the ...
Free unofficial patches are available for a new Windows zero-day flaw dubbed EventLogCrasher that lets attackers remotely crash the Event Log service on devices within the same Windows domain. This ...
Event 4688 documents each program a computer executes, its identifying data, and the process that started it. Several event 4688s occur on your system when you log into a system. For example, Session ...
XP's Event Viewer and Vista's Windows Event Logs can help diagnose system woes, but Sysinternals' free Process Explorer gives you the real inside scoop. Dennis O'Reilly began writing about workplace ...
I'm trying to troubleshoot a crazy installation issue installing a published app on WTS. For the life of me I cannot figure out why the Microsoft Installer keeps rolling back and the only thing I can ...
This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) ...