Comments:
my guy
Why does security SPP occur in Windows 10 & why does it completely shut down all the applications in my system at that moment?
Very informative, thanks for sharing Jon.
I 💜 this videooo...
Can you also see who deleted files???
Hi, is there any way to know what files are being copied from my laptop to a USB drive? Its timestamp and what folder or file was copied... Or if a copy log is present in the system.
Hope it's still relevant, I have a question: to disable real time protection and find the event ID (sounds simple), but when I do that the event ID does not appear.. even when I'm in the local (configuration). Any suggestions?
Hi John, great video, after 3 years need to know somebody all of these stuff?
Q: I got a Kaspersky file on Windows log and I cam get rid of it to install a different antivirus.
Can we get the Event Log of a computer remotely?
Hi Jon, thank you for the video :)!
I have a question about this. The event ID 4698 and the events of schtasks I can't see them, why is it not displayed in the Event Viewer?
Thank you!
Brief and precise, I didn't know how to use Event Viewer until I saw this video
Thank you Jon. That was Good!
Hey Jon, I suspected someone was on my PC uninvited. I went to look at my Event Viewer logs and they have been cleared! I did not do this, could you help me out? Trying to figure out when they were cleared and when someone was on my PC, god knows what's been installed. Can anyone help?
Can you tell us how we can convert the time format to UTC? For example, when we find an event ID and we have to write it in the forensic report, it's very common to write the date and time in UTC format.
Hello Jon, I noticed that the Event Viewer no longer displays the username. How can we get the username for the event logon and logoff?
Also bears mentioning that you can add MMC snap-ins to view logs on remote computers in a domain. Super convenient as an admin
Thanks! Gotta investigate a laptop tomorrow
Thank you for this post. Sometimes it feels better to jump in as you just did but for trying Splunk or DeepBlueCLI
Explain the concept of logging? Where are they located in Windows and Linux? Show an example of failed login logging in Windows Event Viewer
Hi my friend. I am trying to write a script for Task Scheduler for sending realtime all logs to a Telegram channel. Can you help me?
Hey Jon,
Sorry, I am learning about this but you are my best shot at getting the proof here. Long story short, some of the veryyy imp files have been deleted from Google Drive and even from trash. I know who did it from my laptop when I was away, it does say I deleted it because laptop had g-drive logged in. I am in reallll trouble now. All I want is a proof that my laptop was used between X-Y dates so that I can prove my innocence. I already am down the rabbit hole and I have reached here. Please guide me if this can be done from Event Viewer. All I want is confirmation that laptop was used during the dates when I wasn't around. Even better if we can see someone opened g-drive.
Sorry but this video is a joke
I have a question and went to Event Viewer and a few months ago I downloaded this application called SolidWorks. I deleted the application for SolidWorks but in the Event Viewer there is still a log file for SW, any help? I just want to delete that log file. It's under application and services 😭 I hate downloading school stuff on my personal gaming PC. I don't want to clear the log, I want to delete that log file***
Nice video bro, I am also an IT guy
Thanks Jon Good
Sorry Jon, I like the way you present your videos, I just assumed what you would be sharing would be more focused on what logs we would need to be investigating. For instance, the Firewall Log, the DNS log, obviously the Security log etc. Other than that, you present well, are clear and concise and can't fault you!
Hello. Do you have a reference you would recommend for looking up event IDs? Thanks
Onboard system software is dece enough
0% audio. I tried other videos and they worked.
Thank You very much for this great information...!!! My computer shows too many times the ID 4672 Special Logon and ID 4624 Logon and I don't know if this means that someone from outside is looking at my personal information or it is just a simple thing from Windows Event...!!! Will you be so nice just to let me know if this could be dangerous or not...!!! I will appreciate it so much...!!! I send you a big hug from México City...!!! God Bless You Always...!!!
Thanks for this very interesting video.
How can you do this using Autopsy?
Wow. You're Good
How can I filter logs by date(s)?
A hotspot showed up on my available networks. Does a laptop have a log of that hotspot even though I never connected to it???
How to display those security events using a C or C++ program
I have come across some events that occurred during the wee hours of the morning while I was sleeping. Is there a way for me to find out its location?
I have another question, Jon: Under the Task Category, I don't see Logon or Special Logon. I'm only seeing User Account Man... Does this mean that no external individual has logged onto my system?
This is an excellent video. Is it a red flag to see several deleted events at the end of the list? My laptop is used only by me
Does Event Viewer clear its own logons after so long or do you have to manually clear them out?
Waste of my time
HOW TO TAKE AD AUDIT LOGS FOR 3-6 MONTHS
Good Content :)
How far back can event logs go as a maximum?
Please tell me how I can see which files my Windows Defender skipped during the scan with the help of Event Viewer or with other ways?
Please explain step by step
Do you have a brother that does vjdsa out air travel by any chance
completing case in Immersive Labs for Hafnium events.. well - we will see if this helps :D we can use only Event Viewer