Feature request

  • Feature request

    I have found that OSForensics searches only for some events:

    OSForensics will scan the Windows logs for the following events:

    Security Log Events

    4624 - Account login

    4625 - Failed login attempt

    4634 - Account logoff

    4723 - Password change attempted

    4724 - Password reset attempted

    4740 - User account locked

    4767 - User account unlocked

    System Log Events

    19 - Windows update success

    20 - Windows update failure

    1074 - Shutdown

    6009 - System boot

    20001 - Driver installed

    Application Log Events

    11707 - Product installed

    11708 - Product install failed


    It would be VERY useful to be able to read ALL of the Windows logs.
    Can you add an event viewer?

    Mauro Giacomelli (from Italy)

  • #2
    Due to the monumental amount of events that are saved to the logs we only choose a small number of events to search for as part of the Recent Activity module. Displaying all of the logged events as part of OSF (in this module) isn't very feasible.

    We could do a whole new browser in OSF, but there is a simple solution already available.

    You can save the event logs quite easily by going to their disk location (usually C:\Windows\System32\winevt\Logs) and making a copy of them (e.g. Application.evtx, Security.evtx, etc.). These logs can then be opened in the default Windows Event Viewer tool by double-clicking on them.
    Last edited by Tim (PassMark); 08-22-2013, 11:12 PM.
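
For readers who want an overview of everything in the copied logs before opening them in Event Viewer, the following PowerShell sketch is an added example (not from the thread and not PassMark code). It reads the copied `.evtx` files offline, counts every provider/event ID pair, and marks which IDs are on the list quoted in the first post; the folder `D:\case\winevt-copy` and the function name `Get-EvtxSummary` are assumptions.

```powershell
# Added example: inventory every event in copied .evtx files, not just the listed IDs.
param(
    [string]$EvidenceDir = 'D:\case\winevt-copy'   # assumed folder holding the copied logs
)

# Event IDs the thread says the Recent Activity module searches for, per log.
$Listed = @{
    Security    = 4624, 4625, 4634, 4723, 4724, 4740, 4767
    System      = 19, 20, 1074, 6009, 20001
    Application = 11707, 11708
}

function Get-EvtxSummary {
    param([string]$Path, [int[]]$ListedIds)
    # -Path reads a saved .evtx file instead of the live log.
    # Group on provider + ID because the same ID can come from different providers.
    Get-WinEvent -Path $Path -ErrorAction Stop |
        Group-Object -Property ProviderName, Id |
        ForEach-Object {
            $first = $_.Group[0]
            $times = @($_.Group.TimeCreated | Sort-Object)
            [pscustomobject]@{
                Log      = [IO.Path]::GetFileNameWithoutExtension($Path)
                Provider = $first.ProviderName
                EventId  = $first.Id
                Count    = $_.Count
                Earliest = $times[0]
                Latest   = $times[-1]
                Listed   = $ListedIds -contains $first.Id
            }
        }
}

$rows = foreach ($log in $Listed.Keys) {
    $file = Join-Path $EvidenceDir "$log.evtx"
    if (-not (Test-Path -LiteralPath $file)) { Write-Warning "Not found: $file"; continue }
    # Record a hash of each copy so later analysis can be tied to the same file.
    $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    Write-Host "$file SHA256=$hash"
    try { Get-EvtxSummary -Path $file -ListedIds $Listed[$log] }
    catch { Write-Warning "Could not read ${file}: $($_.Exception.Message)" }
}

$rows | Sort-Object Log, @{ Expression = 'Count'; Descending = $true } |
    Format-Table -AutoSize
```

Rows with `Listed` set to `False` are the events that exist in the copied logs but fall outside the list quoted in the first post.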