al_ghamdi
How can I restore the security log when it is cleared?
I have an important case.
An IT employee in my company received an insult message from an IT employee. The employee who sent the email said he didn't send this email, that another employee reset his password, logged in with his account and sent the email, and that he didn't know anything about this email.
I did some investigation into this case and checked the security log file to find when the password was reset and who did that, but I found the log is clear and the admin makes a schedule every 65k.
Can I restore the security log? Who?
I am not aware of a way to restore the log once it has been cleared down, unless you saved the logs in an *.evt file.
As Kevin said, there is no way. Your only option is if you have a full backup of the server/workstation from before the Security Log was cleared.
If this is the situation, you can restore the following folder, %SystemRoot%\System32\Config, which is where the logs are stored in evt format, as Kevin said.
Then from Event Viewer you will be able to go to Actions -> Open Log file and choose the restored evt to open.
Pere
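Once a backup copy of the log has been restored as described in the answer above, it can also be searched from PowerShell instead of Event Viewer. This is an added example, not part of the original thread; the restore path, the file name SecEvent.Evt and the event IDs are assumptions that do not appear in the posts.

```powershell
# Added example: search a restored copy of the Security log for password
# resets and log clears. Work on a copy, never on the live Config folder.
# Assumption: the backup was restored to this hypothetical path.
$restored = 'C:\Restore\Config\SecEvent.Evt'
$report   = 'C:\Restore\password-events.csv'   # hypothetical output path

if (-not (Test-Path -Path $restored)) {
    throw "Restored log not found: $restored"
}

# Record a hash of the evidence file before reading it, so the copy that was
# analysed can be identified later.
Get-FileHash -Path $restored -Algorithm SHA256 | Format-List

# Assumption (not from the thread): Security event IDs used by systems that
# write .evt logs:
#   627 = change password attempt
#   628 = user account password set (reset by someone else)
#   517 = audit log was cleared
$ids = 627, 628, 517

# Legacy .evt files can only be read oldest-first, so -Oldest is required.
$hits = Get-WinEvent -Path $restored -Oldest |
    Where-Object { $ids -contains $_.Id }

if (-not $hits) {
    Write-Warning 'No matching events; the backup may predate the reset or auditing was off.'
}
else {
    # Message contains the target account and the caller (who made the change).
    $hits |
        Select-Object TimeCreated, Id, MachineName, Message |
        Export-Csv -Path $report -NoTypeInformation
    $hits | Format-Table TimeCreated, Id -AutoSize
}
```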
Forced accept.
Computer101
EE Admin