MoVP 2.3 Event Logs and Service SIDs
by Jamie Levy | Sep 19, 2012 | forensics, movp, volatility, windows
Month of Volatility Plugins

In this post we will discuss how you can recover event logs from Windows XP/2003 machines from memory, as well as how to calculate Service SIDs, which can potentially be used to link specific event records with the Windows service that...