FOR-330 Event Logs - Foren-Ken/tech-journal GitHub Wiki

What is the Event Log and why does it matter?

The event log gives investigators a timeline of events on the device, which is invaluable for understanding the details of an event and the conditions under which it occurred.

Types of logs:

There are four main types of logs: Application, Security, System, and Custom.

Application:

This log type contains events that are not generated by the system itself, such as anti-virus alerts, database notifications, and events from some services.

Security:

This log type contains information on user logons, failed logons, file and directory access, and other security-related details.

System:

This log type deals specifically with system events, such as reboots, services starting and stopping, and system shutdown.

Custom:

This log type covers all other logs that may be generated, including events from DNS, the Firewall, Task Scheduler, PowerShell, and more.

Components of each log:

The Windows event logs contain the following data:

  1. Log Name - Identifies which log the event belongs to (Application, Security, System, etc.)
  2. Source - The name of the software responsible for creating the event.
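As an added example (not part of the original wiki page), the following PowerShell script builds the cross-log timeline described above: it pulls events from the Application, Security and System logs plus two of the custom logs the page names, and shows each event's Log Name and Source alongside its time, ID and level. It assumes an elevated PowerShell session on the host under investigation (reading the Security log requires administrator rights); the time window and the output path are placeholders to adjust for your case.

```powershell
# Added example: build a cross-log timeline for a window of interest.
# Assumes an elevated PowerShell session on the host being examined;
# the default two-hour window and the CSV path are placeholders.

param(
    [datetime]$Start = (Get-Date).AddHours(-2),
    [datetime]$End   = (Get-Date)
)

# The three main logs from the page plus two of the "custom" logs it names
# (Windows keeps these under Applications and Services Logs).
$logs = @(
    'Application',
    'Security',
    'System',
    'Microsoft-Windows-PowerShell/Operational',
    'Microsoft-Windows-TaskScheduler/Operational'
)

$timeline = foreach ($log in $logs) {
    # -FilterHashtable applies the time filter inside the log query, which is
    # much faster than reading every record and filtering with Where-Object.
    # A log that is absent or disabled on this host is skipped quietly.
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $Start; EndTime = $End } `
                 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated,
                      LogName,
                      @{ Name = 'Source';  Expression = { $_.ProviderName } },
                      Id,
                      LevelDisplayName,
                      @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } }
}

# Merge the per-log results into one chronological view and keep a copy
# for the case file (CSV preserves the original timestamps for later review).
$timeline |
    Sort-Object TimeCreated |
    Tee-Object -Variable merged |
    Format-Table -AutoSize

$merged | Export-Csv -Path '.\event-timeline.csv' -NoTypeInformation
```

Some custom logs (for example Task Scheduler/Operational) are disabled by default on certain Windows versions, so an empty result for one log does not necessarily mean nothing happened there.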