Return to site
Return to site

The logon process was unable to display security

broken image

Old Windows events can be converted to new events by adding 4096 to the Event ID.

broken image
broken image

Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of events IDs is mandatory.Īccording to the version of Windows installed on the system under investigation, the number and types of events will differ, so the events logged by a Windows XP machine may be incompatible with an event log analysis tool designed for Windows 8.įor example, Event ID 551 on a Windows XP machine refers to a logoff event the Windows 7 equivalent is Event ID 4647. During a forensic investigation, Windows Event Logs are the primary source of evidence.

 

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save