The default event logging in Windows 10 won't give you enough information to properly conduct intrusion forensics. These settings and tools will help you collect the needed log data. After a ...
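The snippet above says the default settings are not enough but does not list which settings to change. As an added example (not from the article it summarizes), the following elevated PowerShell turns on the audit settings most commonly recommended for intrusion forensics on Windows 10 and checks that they took effect. The choice of subcategories, the 1 GiB Security log size, and the registry paths are the usual ones for these features; treating them as what "these settings" refers to is an assumption.

```powershell
# Added example, not from the page: enable forensic-grade auditing on Windows 10
# and verify it. Run from an elevated PowerShell prompt.

# 0. Make sure the advanced (subcategory) audit policy is the one that applies,
#    not the legacy 9-category policy that can silently override it.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Set-ItemProperty -Path $lsaKey -Name 'SCENoApplyLegacyAuditPolicy' -Value 1 -Type DWord

# 1. Subcategories the default policy leaves off or success-only.
#    Names are locale dependent; these are the English ones (assumed selection).
$subcategories = @(
    'Process Creation',
    'Process Termination',
    'Logon',
    'Logoff',
    'Special Logon',
    'Security Group Management',
    'User Account Management',
    'Audit Policy Change'
)
foreach ($sub in $subcategories) {
    auditpol.exe /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}

# 2. Put the full command line into event 4688 (off by default).
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 3. PowerShell script block logging (event 4104 in Microsoft-Windows-PowerShell/Operational).
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sblKey -Force | Out-Null
Set-ItemProperty -Path $sblKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# 4. A default-sized Security log wraps in hours once 4688 is on.
#    1 GiB (in bytes) is an assumed value; size it for your retention needs.
wevtutil.exe sl Security /ms:1073741824

# 5. Verify the effective policy and the registry values.
auditpol.exe /get /category:"Detailed Tracking"
auditpol.exe /get /category:"Logon/Logoff"
Get-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled'
Get-ItemProperty -Path $sblKey  -Name 'EnableScriptBlockLogging'

# 6. Spot-check: spawn a process and confirm 4688 now carries its command line.
Start-Process -FilePath 'cmd.exe' -ArgumentList '/c whoami' -WindowStyle Hidden -Wait
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 5 |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeUtc     = $_.TimeCreated.ToUniversalTime()
            NewProcess  = $data['NewProcessName']
            CommandLine = $data['CommandLine']
        }
    }
```

The last step matters more than the rest: an audit policy that reports as enabled but whose events are missing the command line (or are being overwritten within the hour) is the usual reason a post-incident timeline comes up empty.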
I'm writing a Windows app in unmanaged C++ and want to log some simple events to the Application log. I'm normally a *nix guy and am used to being able to just call syslog() (or asl(3) on Mac OS X). I ...
Microsoft is apparently integrating System Monitor (Sysmon) directly into Windows 11. This pro-level tool allows you to ...
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider ...
As networks become more distributed and cloud-based, you should consider changing servers to UTC so that timestamps from hosts in different regions and cloud providers can be correlated directly, without per-host offset arithmetic. This will help with forensics investigations. The concept of time zones ...
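As an added example (not from the article summarized above), the following elevated PowerShell moves a Windows server to UTC, keeps the clock itself synchronized, and exports event log records with an explicit UTC column so that logs from this host can be merged with logs from hosts that still run in local time. The NTP peer, the `C:\ir` output directory, and the export helper are assumptions for illustration.

```powershell
# Added example, not from the page: switch a Windows server to UTC and
# normalize event timestamps for cross-host correlation. Run elevated.

New-Item -ItemType Directory -Path 'C:\ir' -Force | Out-Null

# 1. Record the zone in force before the change. Anything already exported
#    from this host was rendered under that zone, and the case file needs it.
$before = Get-TimeZone
"Previous zone: $($before.Id) (base UTC offset $($before.BaseUtcOffset))" |
    Tee-Object -FilePath 'C:\ir\tz-change.txt'

# 2. Change the system zone. Windows keeps the clock in UTC internally and only
#    renders local time through the zone, so no stored timestamps are altered.
Set-TimeZone -Id 'UTC'

# 3. Zone is not sync: the clock still has to be correct. Peer is an assumption.
w32tm.exe /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /update | Out-Null
w32tm.exe /resync | Out-Null
w32tm.exe /query /status

# 4. Fail loudly if the change did not apply (e.g. GPO re-applied a zone).
$after = Get-TimeZone
if ($after.Id -ne 'UTC') { throw "Time zone change did not apply: $($after.Id)" }

# 5. Export helper. Get-WinEvent's TimeCreated is a local DateTime; the .evtx
#    itself stores SystemTime in UTC. ToUniversalTime() undoes the local rendering
#    and the 'o' format emits a trailing Z, so the column is unambiguous whatever
#    zone the collecting host runs in.
function Export-EventsUtc {
    param(
        [string]$LogName   = 'Security',
        [int]   $MaxEvents = 1000,
        [string]$OutFile   = "C:\ir\$env:COMPUTERNAME-$LogName.csv"
    )
    Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents |
        Select-Object @{ n = 'TimeUtc'; e = { $_.TimeCreated.ToUniversalTime().ToString('o') } },
                      @{ n = 'Host';    e = { $env:COMPUTERNAME } },
                      @{ n = 'TzId';    e = { (Get-TimeZone).Id } },
                      Id, ProviderName, Message |
        Export-Csv -Path $OutFile -NoTypeInformation
    return $OutFile
}

Export-EventsUtc -LogName 'Security' -MaxEvents 500
```

Two caveats a practitioner will hit: `Get-TimeZone`/`Set-TimeZone` exist in Windows PowerShell 5.1 and later (Windows 10 / Server 2016 onward; use `tzutil.exe /s "UTC"` on older hosts), and changing the zone shifts anything that was scheduled or logged as a wall-clock local time string (scheduled tasks, application logs that do not record an offset), so do it as a planned change, not mid-incident.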