My DFIR Blog
Digital Forensics & Incident Response & Reverse Engineering & Vulnerability Research
Several operating systems provide a central logging service which collects event messages from the kernel and applications, filters them and writes th…
TL;DR: The Windows Event Logging Service contains a bug (use of uninitialized memory) that sometimes results in recently deleted (cleared) log entries being stored in other (unrelated) *.evtx journ…