Specialized DFIR: Windows Event Log Forensics

Tyler Hudak

38:06

  • 1. Course Overview.mp4
    01:24
  • 1. Introduction.mp4
    00:37
  • 2. Windows Event Logs.mp4
    01:16
  • 3. Event Logs and Analysis Tips.mp4
    02:21
  • 4. Course Scenario.mp4
    01:17
  • 5. Conclusion.mp4
    00:26
  • 1. Introduction.mp4
    00:32
  • 2. Triage Analysis.mp4
    01:32
  • 3. Demo - Running Chainsaw.mp4
    02:08
  • 4. Demo - Analyzing Chainsaw Output.mp4
    05:26
  • 5. Conclusion.mp4
    00:53
  • 1. Introduction.mp4
    00:38
  • 2. Windows Authentication Events.mp4
    02:13
  • 3. Demo - Analyzing Windows Authentication Events.mp4
    06:03
  • 4. Demo - Analyzing Process Execution Events.mp4
    03:28
  • 5. Conclusion.mp4
    01:20
  • 1. Introduction.mp4
    00:49
  • 2. Triage Log Analysis.mp4
    01:43
  • 3. Manual Log Analysis.mp4
    01:11
  • 4. Analysis Tips.mp4
    01:13
  • 5. Conclusion.mp4
    01:36
  • Description


    Analyzing Windows event logs provides key information on system activities during an investigation. This course will teach you what events to focus on during your analysis and how to quickly obtain information.

    What You'll Learn?


      Windows event logs contain lots of information that assist investigations in determining what happened on a system. However, some of this information is hidden within the multitude of event logs on a system. In this course, Specialized DFIR: Windows Event Log Forensics, you’ll learn how to focus your event log investigation to find signs of compromise and suspicious activities. First, you’ll explore how to quickly go through event logs and find key events to focus on. Next, you’ll discover what logs and events provide different pieces of information. Finally, you’ll learn how to combine all of this information to have a comprehensive view of the malicious activities that took place on a compromised system. When you’re finished with this course, you’ll have the skills and knowledge needed to perform event log forensics on a Windows system.

    Tyler Hudak has more than 15 years of extensive real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response, and penetration testing, and brings his frontline experience and proven techniques to bear in his training.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 21
    • Duration: 38:06
    • Level: Advanced
    • English subtitles: Yes
    • Release date: 2024/04/20