Introducing and analysis of the Windows 8 event log for forensic purposes

Talebi, J, Dehghantanha, A and Ramlan, M 2015, 'Introducing and analysis of the Windows 8 event log for forensic purposes', in: Computational Forensics, Lecture Notes in Computer Science, pp. 145-162.

All operating systems employ some sort of logging mechanism to track and record users' activities, and Microsoft Windows is no exception. Log analysis is one of the important parts of the Windows forensics process. The Windows event log system, introduced in Windows NT as a new feature for the Microsoft Windows family, has since gone through several major changes and updates. The event log experienced major updates in Windows 8. This paper first introduces the Windows 8 event log format and then explains methods for analyzing the logs for digital investigation and incident handling. The main contributions of this paper are an introduction to the Windows 8 logging service and a forensic examination of it.

Item Type: Book Section
Themes: Media, Digital Technology and the Creative Economy
Schools: Schools > School of Computing, Science and Engineering > Salford Innovation Research Centre
Publisher: Lecture Notes in Computer Science
Refereed: Yes
ISBN: 9783319201245
Funders: Non funded research
Depositing User: Dr. Ali Dehghantanha
Date Deposited: 18 Aug 2015 17:57
Last Modified: 16 Feb 2022 17:05
