Pau Lo

<div>
MASQ, thank you. Are they in a particular log/or spread across multiple &nbsp;e.g. security.evtx? I need to pull them out of an image of a HDD rather than a live running system.
</div>


MASQ, thank you. Are they in a particular log/or spread across multiple  e.g. security.evtx? I need to pull them out of an image of a HDD rather than a live running system.

<div>
They will all be in the System Event log file but they are spread around at least half a dozen different Sources:<br />
<br />
12 - Kernel General<br />
13 - Kernel General<br />
20 - Kernel Boot<br />
109 - Kernel Power<br />
1074 - User32<br />
6005 - Event Log<br />
6006 - Event Log<br />
6013 - Event Log
</div>


They will all be in the System Event log file but they are spread around at least half a dozen different Sources:

12 - Kernel General
13 - Kernel General
20 - Kernel Boot
109 - Kernel Power
1074 - User32
6005 - Event Log
6006 - Event Log
6013 - Event Log

<div>
<div class="content wysiwyg-content">
are there any specific event logs on windows (windows 7) that indicate the exact time a machine was powered on and off. I know from analysis and testing of security.evtx its pretty close if you pick the first and last event of the day to the time a machine has been on/off but I did wonder if there was an exact event in one of the windows and/or applications and services logs which would specifically relate to power on/off for a laptop device.
</div>
</div>


are there any specific event logs on windows (windows 7) that indicate the exact time a machine was powered on and off. I know from analysis and testing of security.evtx its pretty close if you pick the first and last event of the day to the time a machine has been on/off but I did wonder if there was an exact event in one of the windows and/or applications and services logs which would specifically relate to power on/off for a laptop device.

event logs specific to power on/off (windows 7)

Operating systems perform basic tasks, such as recognizing input from the keyboard, sending output to the display screen, keeping track of files and directories on the disk, and controlling peripheral devices such as disk drives and printers. For large systems, the operating system makes sure that different programs and users running at the same time do not interfere with each other. The operating system is also responsible for security, ensuring that unauthorized users do not access the system. Operating systems provide a software platform on top of which other programs, called application programs, can run.

Operating Systems

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.

Windows Networking

Windows 7 is an operating system from Microsoft. Features include multi-touch support, a redesigned Windows Shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup, and performance improvements.