![]() To quickly identify logs that contain information about uninstalled software, use the Preset filtering options that are available in the drop-down menu…Ĭhoose the ‘Software Package Removal Success’ preset which will then filter and present you with all logs with Event ID 11724 that deal with software uninstallation. There will likely be tens of thousands of Application event logs on a system. Once complete, navigate to the Application event logs as shown in this screenshot… You will first need to run a scan to search for any Event Logs that are located on a forensic image file or connected drive. Windows Event Logs are stored at the following path: C:\Windows\System32\winevt\Logs Like many other actions and events recorded within the Windows Event Logs you can analyze these logs for records of uninstalled software. ![]() ![]() Open the Event Log Viewer from the Start screen in OSF… Starting in V7, the Event Log Viewer in OSForensics can be used to help identify uninstalled software. ![]() » Identifying uninstalled software Identifying uninstalled software using Event Logs ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |