
An analysis of Microsoft event logs

Posted on: 2014-04-15
Degree: M.S
Type: Thesis
University: Utica College
Candidate: Mullinix, Michelle D
Full Text: PDF
GTID: 2458390008461028
Subject: Computer Science
Abstract/Summary:
Microsoft Windows event logs are central to conducting an investigation when determining whether or not a virus has been installed on a targeted system. However, there was very little substantial research about Windows event logs and how they are used in conducting an investigation. This research explores forensic artifacts recovered during an investigation to determine whether or not a virus is the actual culprit. The research describes the relevance of the event logs and discusses various techniques used by investigators to collect and examine these logs. A dearth of viruses are installed and run in a virtual environment to determine what events will populate in these logs. This research also explains a variety of the best practices there are regarding the use of Windows event logs in an investigation.

Keywords: Cybersecurity, Professor Christopher Riddell, Security Logs, Application Logs, System Logs, Event ID.
Keywords/Search Tags: Event logs, Investigation