Honeypots mailing list archives
RE: How to monitor events in Windows?
From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Sun, 4 Nov 2007 12:06:53 -0000
You say 'happened' which I would take to mean past tense; in which case the Windows Forensic Tool Chest is an excellent tool that will pull out loads of data about your system. It was written by a guy for his SANS Forensics project and it digs really deep into the history of your box. However, it only gives you snapshots - i.e. when it is run, as opposed to the 'live reporting' tools that others have pointed out.

URL= http://www.foolmoon.net/security/wft/

HTH

Steve A
<Insert some TLAs here.........>
Logically Secure

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mybayern1974 () sjtu edu cn
Sent: 02 November 2007 01:38
To: honeypots () securityfocus com
Subject: How to monitor events in Windows?

I want to know everything that happened in my Windows box, including both local events and network events. Is there such a tool?

I know sebek is a good choice, but unfortunately the sebek client is unable to work in a Windows box located in a virtual machine like VMware. (It will cause a "blue screen" when rebooting after finishing configuration.)

Furthermore, I know another choice named "spector", but it's a commercial one. So, is there any free one I can get?

Thanks in advance!