Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Barrie Codona, BSc (Hons) Network Computing, 2007

Figure 3: Copying the Windows security log.

With the results of this experiment combined with the results of the previous one, it is now possible to attempt to replace the event log from one machine with that of another.

Experiment 3 - Swapping the Event Log from one computer to another. For this experiment a combination of the first two experiments was used: the Event Logging Service on Server B was set to disabled and the machine was restarted. The event log on Server B was then replaced with the one that had been copied from Server A, and the event logging service was restarted. Figure 4 shows this.
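A defender-side check for the swap described above, as an added example that is not part of the original dissertation: each Windows event record stores the name of the computer that wrote it, so records copied from Server A remain identifiable inside Server B's log. The CSV layout, column names and host names (SERVERA, SERVERB) are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a CSV export of Server B's security log after the swap.
# Column names and host names are assumptions made for this example.
SAMPLE_EXPORT = """RecordNumber,TimeGenerated,EventID,Computer
1,2007-03-01T09:00:02,528,SERVERA
2,2007-03-01T09:00:05,538,servera.example.local
3,2007-03-01T09:14:40,528,SERVERA
4,2007-03-02T11:30:12,528,SERVERB
5,2007-03-02T11:31:00,538,SERVERB
"""

def normalise_host(name):
    """Reduce a NetBIOS name or FQDN to an upper-case short host name."""
    return name.strip().split(".")[0].upper()

def foreign_records(export_text, expected_host):
    """Group records whose Computer field is not the host that owns the log."""
    expected = normalise_host(expected_host)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        origin = normalise_host(row["Computer"])
        if origin != expected:
            groups[origin].append(row)
    return groups

def summarise(groups):
    """Return one finding per foreign host: count, record range, time range."""
    findings = []
    for origin, rows in sorted(groups.items()):
        numbers = [int(r["RecordNumber"]) for r in rows]
        times = sorted(r["TimeGenerated"] for r in rows)
        findings.append({
            "origin": origin,
            "count": len(rows),
            "records": (min(numbers), max(numbers)),
            "first_seen": times[0],
            "last_seen": times[-1],
        })
    return findings

if __name__ == "__main__":
    for finding in summarise(foreign_records(SAMPLE_EXPORT, "SERVERB")):
        print(finding)
```

A non-empty result on a host that has never been renamed means its log contains records written on another machine.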