written 6.8 years ago by | modified 6.6 years ago by |
Subject: Digital Forensics
Topic: Preserving and Recovering Digital Evidence
Difficulty: Medium
written 6.6 years ago by |
In a Windows system, log files are the best source for collecting information about an incident. The most important upgrade logs are setupact.log and setuperr.log, which you find in different locations depending on the upgrade stage. These two log files, setupact.log and setuperr.log, use the following format:
• Date and time.
• Log Level (Info, Warning, Error, Fatal Error)
• Logging Component (CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS)
• Message
Windows log file locations are as follows (open Event Viewer):
• Application
• Security
• Setup
• System
• Forwarded events
• Application and service logs
All log file locations contain different log files as
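
Added example (not part of the original answer): a small Python triage parser for the setupact.log / setuperr.log fields listed above (date and time, log level, logging component, message). The exact line layout (`YYYY-MM-DD HH:MM:SS, Level  COMPONENT  Message`), the handling of continuation lines, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Levels and components exactly as listed in the answer above.
LEVELS = ("Fatal Error", "Info", "Warning", "Error")
COMPONENTS = ("CONX", "MOUPG", "PANTHR", "SP", "IBSLIB", "MIG", "DISM", "CSI", "CBS")

# Assumed layout: "YYYY-MM-DD HH:MM:SS, <Level>   <COMPONENT>  <Message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+"
    r"(?P<level>" + "|".join(LEVELS) + r")\s+"
    r"(?:(?P<component>" + "|".join(COMPONENTS) + r")\s+)?"  # tag may be absent
    r"(?P<message>.*)$"
)

def parse_setup_log(text):
    """Return one dict per entry; lines without a timestamp extend the previous message."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            records.append(rec)
        elif records and raw.strip():
            records[-1]["message"] += "\n" + raw.strip()
    return records

def triage(records):
    """Keep Error / Fatal Error entries in time order and count them per component."""
    hits = sorted((r for r in records if r["level"] in ("Error", "Fatal Error")),
                  key=lambda r: r["ts"])
    return hits, Counter(r["component"] or "(none)" for r in hits)

# Constructed sample lines, not taken from a real system.
SAMPLE = """\
2019-03-04 10:15:01, Info                  MOUPG  Constructed sample: phase change
2019-03-04 10:15:07, Warning               MIG    Constructed sample: skipped profile
2019-03-04 10:16:22, Error                 SP     Constructed sample: operation failed
    continuation detail on a second line
2019-03-04 10:16:30, Fatal Error           CBS    Constructed sample: servicing stopped
2019-03-04 10:16:31, Info                         Constructed sample: no component tag
"""

if __name__ == "__main__":
    hits, per_component = triage(parse_setup_log(SAMPLE))
    for r in hits:
        print(r["ts"].isoformat(), r["level"], r["component"], r["message"], sep=" | ")
    print(dict(per_component))
```

Run it against a working copy of the log rather than the original evidence file, so the preserved copy stays unmodified.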