Carving EVTX

Windows OS uses a specific file format to store the logs generated by the different programs running on the system. These logs are usually found at C:\Windows\System32\winevt\Logs. Depending on the settings of your OS, they can hold a lot of useful information that you may want to recover under some circumstances.