Identifying uninstalled software using Event Logs

Starting in V7, the Event Log Viewer in OSForensics can be used to help identify uninstalled software. Open the Event Log Viewer from the Start screen in OSF…

Like many other actions and events recorded within the Windows Event Logs, you can analyze these logs for records of uninstalled software. Windows Event Logs are stored at the following path: `C:\Windows\System32\winevt\Logs`

You will first need to run a scan to search for any Event Logs that are located on a forensic image file or connected drive. Once complete, navigate to the Application event logs as shown in this screenshot…

There will likely be tens of thousands of Application event logs on a system.
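With tens of thousands of Application records to go through, a filter for Windows Installer removal events narrows the search quickly. The following is an added example, not part of the original page or of OSForensics: it assumes the Application log has been exported to XML with `wevtutil`, that uninstalls of interest were performed by Windows Installer (provider `MsiInstaller`, event IDs 1034 and 11724), and that the product name is the first data string of event 1034; the product names and timestamps are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
REMOVAL_IDS = {1034, 11724}  # MsiInstaller: product removed / removal completed

def _event(provider, event_id, time, *data):
    """Build one constructed <Event> record in the Windows event XML schema."""
    body = "".join(f"<Data>{d}</Data>" for d in data)
    return (f"<Event xmlns='{NS['e']}'><System><Provider Name='{provider}'/>"
            f"<EventID Qualifiers='0'>{event_id}</EventID>"
            f"<TimeCreated SystemTime='{time}'/></System>"
            f"<EventData>{body}</EventData></Event>")

# Constructed sample, shaped like `wevtutil qe Application.evtx /lf:true /f:xml`
# output: a run of <Event> elements with no enclosing root element.
SAMPLE = "".join([
    _event("MsiInstaller", 1033, "2024-03-01T09:00:00.000Z",
           "Example Sync Tool", "2.1.0", "1033", "0", "Example Corp"),
    _event("ExampleService", 1034, "2024-03-02T10:00:00.000Z", "unrelated"),
    _event("MsiInstaller", 1034, "2024-03-05T14:12:30.000Z",
           "Example Sync Tool", "2.1.0", "1033", "0", "Example Corp"),
    _event("MsiInstaller", 11724, "2024-03-05T14:12:30.000Z",
           "Product: Example Sync Tool -- Removal completed successfully."),
])

def find_uninstalls(xml_text):
    """Return (time, event_id, product) for each MsiInstaller removal record."""
    root = ET.fromstring(f"<Events>{xml_text}</Events>")  # supply the missing root
    hits = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        provider = system.find("e:Provider", NS).get("Name")
        event_id = int(system.find("e:EventID", NS).text)
        if provider != "MsiInstaller" or event_id not in REMOVAL_IDS:
            continue  # same ID from another provider, or an install event
        data = [d.text or "" for d in ev.findall("e:EventData/e:Data", NS)]
        product = data[0] if data else ""  # assumed: first string names the product
        if product.startswith("Product: "):  # 11724 carries one message string
            product = product[len("Product: "):].split(" -- ")[0]
        when = system.find("e:TimeCreated", NS).get("SystemTime")
        hits.append((when, event_id, product))
    return sorted(hits)

if __name__ == "__main__":
    for when, event_id, product in find_uninstalls(SAMPLE):
        print(when, event_id, product)
```

Software removed by a non-MSI uninstaller does not log these events, so an empty result does not rule out an uninstall.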