Feature request

mgiako

Newbie

Join Date: Aug 2013

Posts: 1
- Share
- Tweet
#1

Feature request

Aug-22-2013, 07:58 PM

I have found that osforensic search only for some events:

--------------
OsForensics will scan the Windows logs for the following events;

Security Log Events

� 4624 - Account login

� 4625 - Failed login attempt

� 4634 - Account logoff

� 4723 - Password change attempted

� 4724 - Password reset attempted

� 4740 - User account locked

� 4767 - User account unlocked

System Log Events

� 19 - Windows update success

� 20 - Windows update failure

� 1074 - Shutdown

� 6009 - System boot

� 20001 - Driver installed

Application Log Events

� 11707 - Product installed

� 11708 - Product install failed

-----------

It would be VERY useful to be able to read ALL of the windows logs.
Can you add an event viewer?

Thanks
Mauro Giacomelli (from Italy)
Tags: None
Tim (PassMark)

Senior Member

Join Date: Mar 2005

Posts: 1723
- Share
- Tweet
#2

Aug-22-2013, 10:46 PM

Due to the monumental amount of events that are saved to the logs we only choose a small number of events to search for as part of the Recent Activity module. Displaying all of the logged events as part of OSF (in this module) isn't very feasible.

We could do a whole new browser in OSF, but there is a simple solution already available.

You can save the event logs quite easily by going to their disk location, usually C:\Windows\System32\winevt\Logs), and making a copy of the them (eg Application.evtx, Security.evtx etc). These logs can then opened in the default Windows Event Viewer tool by double clicking on them.

Last edited by Tim (PassMark); Aug-22-2013, 11:12 PM.
Comment

Announcement

Feature request

Comment