How To Use The Windows Event Viewer For Cyber Security Audit

How do you view system event logs on a Windows operating system?

In technology jobs, there is an overwhelming pressure to aggregate event logs for all systems in a single location. What happens when we have a security incident or need to troubleshoot an individual system that might not be connected to the network? With the Windows Event Viewer, we can view the local events even if the system is isolated. I am not saying that you will need to do this frequently in most environments, but there will be times in your career where you need this skill.

In this video, I am going to walk you through using the Windows Event Viewer so that you can analyze an individual system’s event logs. I will also show you how to filter specific events by ID, by log, and by application for additional flexibility. Do not let this simple task hold you back in your career!
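As an added example (not code from the video or its description), the three filters the description mentions, by log, by event ID and by application, done from PowerShell with the built-in Get-WinEvent cmdlet, together with the XPath query that an Event Viewer Custom View generates and a UTC timeline of the results. It assumes an elevated prompt on the local machine (the Security log needs administrative rights); the event IDs 4624/4625, the 'Application Error' provider and the C:\Evidence\ export path are my choices for illustration, not values from the video.

```powershell
# Added example, not from the video: Event Viewer's "Filter Current Log" and
# "Custom View" dialogs reproduced with Get-WinEvent so the same audit can be
# scripted. Assumes an elevated PowerShell prompt (Security log needs admin rights).

# --- 1. Filter by log and by event ID (Event Viewer: Filter Current Log -> Event IDs) ---
# 4624 = an account was successfully logged on, 4625 = an account failed to log on.
$byId = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = (Get-Date).AddDays(-1)      # only the last 24 hours
} -MaxEvents 500 -ErrorAction SilentlyContinue

# --- 2. Filter by application (Event Viewer: Event sources) ---
# 'Application Error' is the provider that writes application-crash events (ID 1000).
$byApp = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
} -MaxEvents 50 -ErrorAction SilentlyContinue

# --- 3. The same logon filter expressed as a Custom View ---
# The XML tab of the "Create Custom View" dialog produces a QueryList like this one;
# keeping it as text lets you reuse the exact view from a script or on another machine.
$customView = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4624 or EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
  </Query>
</QueryList>
'@
$byView = Get-WinEvent -FilterXml ([xml]$customView) -MaxEvents 500 -ErrorAction SilentlyContinue
Write-Host "Hashtable filter: $($byId.Count) events, custom view: $($byView.Count) events"

# --- 4. Pull the fields a report needs and normalise the timestamps to UTC ---
# Event Viewer displays local time; TimeCreated is a DateTime, so ToUniversalTime()
# is the whole conversion. The user name sits in EventData, not in the list columns.
function ConvertTo-LogonRow {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeUtc   = $Event.TimeCreated.ToUniversalTime().ToString('yyyy-MM-dd HH:mm:ss') + 'Z'
        Id        = $Event.Id
        User      = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
        LogonType = $data['LogonType']         # 2 interactive, 3 network, 10 RDP
        SourceIp  = $data['IpAddress']
        Status    = $data['Status']            # only populated on 4625 failures
    }
}

$timeline = $byId | ForEach-Object { ConvertTo-LogonRow $_ } | Sort-Object TimeUtc
$timeline | Format-Table -AutoSize

# --- 5. Isolated machine: export the log and analyse the .evtx copy elsewhere ---
# wevtutil is the built-in exporter; Get-WinEvent accepts the file through the Path
# key, so every filter above also works on an evidence copy instead of the live log.
# wevtutil epl Security C:\Evidence\Security.evtx
# Get-WinEvent -FilterHashtable @{ Path = 'C:\Evidence\Security.evtx'; Id = 4624, 4625 }
```

Both the hashtable filter and the Custom View XML select the same events; the hashtable form is easier to type, the XML form is what Event Viewer itself stores, so a view built in the GUI can be copied from its XML tab straight into the here-string above.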

⏰ Timecodes ⏰
0:00 How To Use The Windows Event Viewer For Cyber Security Audit
2:13 Opening the Windows Event Viewer
3:20 Alternate way to open the Windows Event Viewer
4:01 Filter Event Logs
5:15 Custom Views For Event Logs
7:05 Question of the Day (QOTD)

=============================
#WindowsEventViewer #WindowsBasics #WindowsSecurity

DISCLAIMER: I am an ambassador or affiliate for many brands referenced on the channel. As an Amazon Associate, I earn a commission from qualifying purchases.

DISCLAIMER (MUSIC): I only use royalty-free music and sound effects.
Comments

larkirwan: I am studying for my CompTIA A+ exam and this video helped me understand something I was unclear on. Thank you.

benarroyo: This video helped me understand Event Viewer better, thanks!

toukio_: Very informative, thanks for sharing, Jon.

tendimukhodobwane: Brief and precise. I didn't know how to use Event Viewer until I saw this video.

flittotech: Thanks for this very interesting video.

jswift: Sorry Jon, I like the way you present your videos. I just assumed what you would be sharing would be more focused on what logs we would need to be investigating. For instance, the Firewall log, the DNS log, obviously the Security log, etc. Other than that, you present well, are clear and concise, and I can't fault you!

puazuzu: Hi Jon, thank you for the video :)!
I have a question about this. The event ID 4698 and the schtasks events, I can't see them. Why are they not displayed in the Event Viewer?
Thank you!

halfdemon: It also bears mentioning that you can add MMC snap-ins to view logs on remote computers in a domain. Super convenient as an admin.

vtcl: I have another question, Jon: under the Task Category, I don't see Logon or Special Logon. I'm only seeing User Account Man... Does this mean that no external individual has logged onto my system?

ruslanmamedaliyev: Please tell me how I can see which files my Windows Defender skipped during the scan, with the help of Event Viewer or in other ways? Please explain step by step.

IvarsRuza: How to collect and analyze I know, but how to store for future forensics is nuts for 3k machines.

FM-zphl: Good content here. I'm trying to do forensics on a Windows event log file, but it is really challenging. Do you have any information on how I can perform a step-by-step, detailed forensic analysis of a Windows Event Viewer log? Thanks.

petrmilota: Completing a case in Immersive Labs for Hafnium events. Well, we will see if this helps :D We can only use Event Viewer.

ofek_: Hope it's still relevant. I have a question: I need to disable real-time protection and find the event ID (sounds simple), but when I do that the event ID does not appear, even when I'm in the local (configuration). Any suggestions?

doctorsaikia: Hi, is there any way to know what files are being copied from my laptop to a USB drive? Its timestamp and what folder or file was copied... Or whether a copy log is present in the system.

dariowins: Can you tell us how we can convert the time format to UTC? For example, when we find an event ID and have to write it in the forensic report, it's very common to write the date and time in UTC format.

interfuze: I have a question. I went to Event Viewer, and a few months ago I downloaded this application called SolidWorks. I deleted the SolidWorks application, but in the Event Viewer there is still a log file for SW. Any help? I just want to delete that log file. It's under Applications and Services 😭 I hate downloading school stuff on my personal gaming PC. I don't want to clear the log, I want to delete that log file***

abdullahalrawi: Hi, I have to define three logging events myself that can be handy to trace security breaches: who may see the logging, where the logging is stored and the data of the event, how, who, what, where, why, when... I don't understand what I should do and where I should search. Could you help me with one of those three? I have a bad teacher 😢

mrxenosith: Hello Jon, I noticed that the Event Viewer no longer displays the username. How can we get the username for the logon and logoff events?

kcalderon: Hello. Do you have a reference you would recommend for looking up event IDs? Thanks.