Recipe: EVTX, LogParser, Perl
A long time ago...

It has been a long time since my last post, I must sadly admit. I could argue with many good reasons for this silence, but it's better to avoid useless-reasonable thoughts. I'll say just a couple of things: first, I'd like to share my 2 cents, so it was not a matter of will; secondly, it's not a matter of missing topics. But sharing is tiresome and laborious, especially when dealing with DFIR and using a different language (that could be easily spotted, couldn't it?). Finally, time scheduling for blogging got 0 slots, and this is the result. OK, let's keep these gold thoughts in mind and go (a little) further.

EVTX

As everybody knows, EVTX is the Windows Event Log file format used in Microsoft Windows OSes from Vista/2008 onward. On Windows XP / 2003, the event log file format was EVT. There are enough resources on the Net describing these formats in (great?) detail. In the DFIR t...
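Before picking a parser (LogParser, a Perl script, or anything else), the first practical check on a collected log file is which of the two formats it actually is, and whether its header looks sane. The following Python snippet is an added example, not code from this post: it sniffs the EVT/EVTX signature and parses the file header of each format. The EVTX header layout (the "ElfFile" signature, 128-byte header, CRC32 over the first 120 bytes) follows the libevtx format documentation, the EVT header follows the Windows ELF_LOGFILE_HEADER structure ("LfLe" signature at offset 4), and the header bytes fed to it are constructed in the script rather than taken from a real system.

```python
import struct
import zlib

EVTX_MAGIC = b"ElfFile\x00"  # EVTX (Vista/2008 and later): 8-byte signature at offset 0
EVT_MAGIC = b"LfLe"          # EVT (XP/2003): 4-byte signature at offset 4, header size 0x30 at offset 0

EVTX_FLAG_DIRTY = 0x0001     # file was not closed cleanly (chunks may hold records not yet in the header)
EVT_FLAG_DIRTY = 0x0001      # ELF_LOGFILE_HEADER_DIRTY
EVT_FLAG_WRAP = 0x0002       # ELF_LOGFILE_HEADER_WRAP (log has wrapped around)


def detect_eventlog_format(data: bytes) -> str:
    """Return 'EVTX', 'EVT' or 'unknown' from the first bytes of an event log file."""
    if data[:8] == EVTX_MAGIC:
        return "EVTX"
    if len(data) >= 8 and data[4:8] == EVT_MAGIC and struct.unpack_from("<I", data, 0)[0] == 0x30:
        return "EVT"
    return "unknown"


def parse_evtx_header(data: bytes) -> dict:
    """Parse the 128-byte EVTX file header and verify its CRC32."""
    if data[:8] != EVTX_MAGIC or len(data) < 128:
        raise ValueError("not an EVTX file header")
    (first_chunk, last_chunk, next_record_id, header_size,
     minor, major, block_size, chunk_count) = struct.unpack_from("<QQQIHHHH", data, 8)
    flags, checksum = struct.unpack_from("<II", data, 120)
    # The stored checksum covers the first 120 bytes (everything before flags + checksum).
    checksum_ok = (zlib.crc32(data[:120]) & 0xFFFFFFFF) == checksum
    return {
        "first_chunk": first_chunk,
        "last_chunk": last_chunk,
        "next_record_id": next_record_id,
        "header_size": header_size,
        "version": (major, minor),
        "block_size": block_size,
        "chunk_count": chunk_count,
        "dirty": bool(flags & EVTX_FLAG_DIRTY),
        "checksum_ok": checksum_ok,
    }


def parse_evt_header(data: bytes) -> dict:
    """Parse the 48-byte EVT (ELF_LOGFILE_HEADER) file header."""
    if detect_eventlog_format(data) != "EVT" or len(data) < 48:
        raise ValueError("not an EVT file header")
    (header_size, _sig, major, minor, start_offset, end_offset, current_record,
     oldest_record, max_size, flags, retention, end_header_size) = struct.unpack_from("<12I", data, 0)
    return {
        "header_size": header_size,
        "version": (major, minor),
        "start_offset": start_offset,
        "end_offset": end_offset,
        "current_record_number": current_record,
        "oldest_record_number": oldest_record,
        "max_size": max_size,
        "dirty": bool(flags & EVT_FLAG_DIRTY),
        "wrapped": bool(flags & EVT_FLAG_WRAP),
        "retention": retention,
        "end_header_size": end_header_size,
    }


# --- constructed sample headers (not captured from a real machine) ---

def build_sample_evtx_header(chunk_count: int = 2, next_record_id: int = 1001) -> bytes:
    body = EVTX_MAGIC + struct.pack("<QQQIHHHH", 0, chunk_count - 1, next_record_id, 128, 1, 3, 4096, chunk_count)
    body += b"\x00" * (120 - len(body))          # reserved area up to offset 120
    flags = 0
    return body + struct.pack("<II", flags, zlib.crc32(body) & 0xFFFFFFFF)


def build_sample_evt_header(dirty: bool = True) -> bytes:
    flags = EVT_FLAG_DIRTY if dirty else 0
    # 0x654C664C packed little-endian is the byte string b"LfLe"
    return struct.pack("<12I", 0x30, 0x654C664C, 1, 1, 0x30, 0x1000, 42, 1, 0x80000, flags, 0, 0x30)


if __name__ == "__main__":
    for sample in (build_sample_evtx_header(), build_sample_evt_header(), b"not an event log"):
        fmt = detect_eventlog_format(sample)
        print(fmt, parse_evtx_header(sample) if fmt == "EVTX" else parse_evt_header(sample) if fmt == "EVT" else "")
```

The dirty flag and the CRC result are the two values worth looking at before trusting whatever the chosen tool prints: a dirty EVT/EVTX file came from a system that did not close the log cleanly (typical for a live acquisition), and a header whose checksum does not verify has been modified or truncated after it was written.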