How To Use The Windows Event Viewer For Cyber Security Audit


Jon Good

4 years ago

99,964 views



Comments:

@sykanji9816 - 23.11.2023 19:55

my guy

@user-xp4tw2ye8u - 31.10.2023 20:11

Why does security SPP occur in Windows 10 & why does it completely shut down all the applications in my system at that moment?

@toukio_ - 15.10.2023 14:41

Very informative, thanks for sharing Jon.

@Ash-vi8yr.... - 23.08.2023 15:48

I 💜 this videooo...

@itumelengmaaboi8942 - 13.08.2023 10:28

Can you also see who deleted files???

@doctorsaikia4647 - 06.08.2023 00:40

Hi, is there any way to know what files are being copied from my laptop to a USB drive? Its timestamp and what folder or file was copied... or if a copy log is present in the system.

@ofek_11 - 09.07.2023 14:02

Hope it's still relevant. I have a question to disable real-time protection and find the event ID (sounds simple), but when I do that the event ID does not appear, even when I'm in the local (configuration). Any suggestions?

@johnvardy9559 - 06.07.2023 18:18

Hi Jon, great video. After 3 years, need to know somebody all of these stuff?

@sonyi1967 - 30.05.2023 02:38

Q: I got a Kaspersky file on windows log and I cam get rid of it to install a different antivirus.

@kenstart6 - 22.05.2023 05:05

Can we get the Event Log of a computer remotely?

@puazuzu4958 - 21.05.2023 07:01

Hi Jon, thank you for the video :)!
I have a question about this. The event ID 4698 and the events of schtasks, I can't see them. Why is it not displayed in the Event Viewer?

Thank you!

@tendimukhodobwane5915 - 28.03.2023 00:23

Brief and precise, I didn't know how to use Event Viewer until I saw this video.

@teerich2011 - 22.03.2023 03:30

Thank you Jon. That was Good!

@invest_9361 - 08.03.2023 19:27

Hey Jon, I suspected someone was on my PC uninvited. I went to look at my Event Viewer logs and they have been cleared! I did not do this, could you help me out? Trying to figure out when they were cleared and when someone was on my PC, God knows what's been installed. Can anyone help?

@dariowins - 03.03.2023 10:58

Can you tell us how we can convert the time format to UTC? For example, when we find an event ID and we have to write it in the forensic report, it's very common to write the date and time in UTC format.

@mrxenosith8023 - 27.02.2023 18:39

Hello Jon, I noticed that the Event Viewer no longer displays the username. How can we get the username for the event logon and logoff?

@halfdemon88 - 01.02.2023 03:04

Also bears mentioning that you can add MMC snap-ins to view logs on remote computers in a domain. Super convenient as an admin.

@kwsrchoudhury - 18.01.2023 08:29

Thanks! Gotta investigate a laptop tomorrow

@SaiyanParmos - 10.12.2022 10:02

Thank you for this post. Sometimes it feels better to jump in as you just did but for trying Splunk or DeepBlueCLI

@alqahtanirakan-cm5736 - 20.10.2022 17:04

Explain the concept of logging? Where are they located in Windows and Linux? Show an example of failed login logging in Windows Event Viewer.

@waydownwergoing - 05.10.2022 23:24

Hi my friend. I am trying to write a script for Task Scheduler for sending all logs in real time to a Telegram channel. Can you help me?

@Gnrl_Anesthesia - 30.08.2022 23:40

Hey Jon,
Sorry, I am learning about this but you are my best shot at getting the proof here. Long story short, some of the veryyy imp files have been deleted from Google Drive and even from trash. I know who did it from my laptop when I was away; it does say I deleted it because the laptop had G-Drive logged in. I am in reallll trouble now. All I want is proof that my laptop was used between X-Y dates so that I can prove my innocence. I already am down the rabbit hole and I have reached here. Please guide me if this can be done from Event Viewer. All I want is confirmation that the laptop was used during the dates when I wasn't around. Even better if we can see someone opened G-Drive.

@paulobazzo5650 - 25.06.2022 18:44

Sorry but this video is a joke

@interfuze9470 - 19.06.2022 10:17

I have a question. I went to Event Viewer, and a few months ago I downloaded this application called SolidWorks. I deleted the application for SolidWorks but in the Event Viewer there is still a log file for SW. Any help? I just want to delete that log file. It's under Applications and Services 😭 I hate downloading school stuff on my personal gaming PC. I don't want to clear the log, I want to delete that log file***

@shehzadarshad2000 - 10.06.2022 17:04

Nice video bro, I am also an IT guy

@jibunorufoegbune9567 - 01.05.2022 13:21

Thanks Jon Good

@jswift5300 - 30.04.2022 00:06

Sorry Jon, I like the way you present your videos I just assumed what you would be sharing would be more focused on what logs we would need to be investigating. For instance, the Firewall Log, the DNS log, obviously the Security log etc. Other than that, you present well, are clear and concise and can't fault you!

@kcalderon03 - 28.04.2022 17:48

Hello. Do you have a reference you would recommend for looking up event IDs? Thanks

@MrSouthsideMuscle - 07.04.2022 00:45

Onboard system software is dece enough

@warronfrench8163 - 29.03.2022 16:34

0% audio. I tried other videos and they worked.

@karoz07 - 22.03.2022 20:21

Thank you very much for this great information...!!! On my computer, ID 4672 Special Logon and ID 4624 Logon show up too many times, and I don't know if this means that someone from outside is looking at my personal information or it is just a simple thing from Windows Event...!!! Will you be so nice as to let me know if this could be dangerous or not...!!! I will appreciate it so much...!!! I send you a big hug from México City...!!! God Bless You Always...!!!

@flittotech5280 - 13.03.2022 03:53

Thanks for this very interesting video.

@spitballproductions - 23.02.2022 00:52

How can you do this using Autopsy?

@BrianThomas - 20.01.2022 21:34

Wow. You’re Good

@GarageGuyCarl - 25.12.2021 13:17

How can I filter logs by date(s)?

@igcheaptrick7046 - 12.12.2021 05:59

A hotspot showed up on my available networks. Does a laptop have a log of that hotspot even though I never connected to it?

@abineshms3759 - 28.10.2021 07:16

How to display those security events using a C or C++ program?

@vtcl1 - 07.10.2021 14:41

I have come across some events that occurred during the wee hours of the morning while I was sleeping. Is there a way for me to find out its location?

@vtcl1 - 06.10.2021 20:32

I have another question, Jon: Under the Task Category, I don't see Logon or Special Logon. I'm only seeing User Account Man... Does this mean that no external individual has logged onto my system?

@vtcl1 - 06.10.2021 16:48

This is an excellent video. Is it a red flag to see several deleted events at the end of the list? My laptop is used only by me

@kristinabrannon3693 - 28.09.2021 22:04

Does Event Viewer clear its own logons after so long or do you have to manually clear them out?

@dbcnewstv - 21.09.2021 14:19

Waste of my time

@pidaparthysurya4373 - 16.09.2021 19:55

HOW TO TAKE AD AUDIT LOGS FOR 3-6 MONTHS

@sampannashrestha973 - 29.06.2021 19:45

Good Content :)

@mitchelllee6110 - 26.05.2021 13:30

How far back can event logs go as a maximum?

@ruslanmamedaliyev3912 - 07.05.2021 23:07

Please tell me how I can see which files my Windows Defender skipped during the scan, with the help of Event Viewer or in other ways?
Please explain step by step.

@davidmanning1474 - 30.04.2021 07:10

Do you have a brother that does vjdsa out air travel by any chance

@petrmilota6398 - 28.03.2021 11:54

Completing a case in Immersive Labs for Hafnium events... well, we will see if this helps :D We can use only Event Viewer
