Tips

Testing to see if this update can be published from a different location. And, testing automation. And testing images

Just testing this to see if I remember how to do it. The tech tip for this post is to make sure to leave yourself good notes. It can be in a notebook or online (I prefer this) or local. If you are going to keep it locally, make sure to have multiple copies of the documentation. I always like to save things in the lowest common denominator of files. Good old .

In the time of incidents, Windows Event logs provide a plenty of useful information for the Incident responder.As you know Windows can generate thousands of events in few minutes ,in this diary I will talk about some of the most useful events and in the next diary I would discuss how to use PowerShell to search for them . Here is of the most useful events for Forensics/Incident response: Event ID