Honeypots: RE: How to monitor events in Windows?

From: Steve Armstrong <stevearmstrong_at_logicallysecure.com>
Date: Sun, 4 Nov 2007 12:06:53 -0000

You say 'happened', which I would take to mean past tense; in which case
the Windows Forensic Tool Chest is an excellent tool that will pull out
loads of data about your system.

It was written by a guy for his SANS Forensics project and it digs
really deep into the history of your box. However, it only gives you
snapshots, i.e. when it is run, as opposed to the 'live reporting' tools
that others have pointed out.

URL= http://www.foolmoon.net/security/wft/

HTH

Steve A

<Insert some TLAs here.........>

Logically Secure

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of mybayern1974_at_sjtu.edu.cn
Sent: 02 November 2007 01:38
To: honeypots_at_securityfocus.com
Subject: How to monitor events in Windows?

I want to know everything that happened in my Windows box, including both
local events and network events. Is there such a tool? I know Sebek is a
good choice, but unfortunately the Sebek client is unable to work in
a Windows box located in a virtual machine like VMware. (It will cause a "blue
screen" when rebooting after finishing configuration.) Furthermore, I
know another choice named "spector", but it's a commercial one.

So, is there any free one I can get?

Thanks in advance!
Received on Nov 04 2007
