Basil from SANS ISC InfoSec Forums posted a nice overview of the most important Windows Event Logs from a digital forensic point of view. In his next diary he promises to show some examples how to use PowerShell to search Windows Events of a compromised system. Stay tuned!
