ETW Forensics - Why use Event Tracing for Windows over EventLog? - - JPCERT/CC Eyes
Common Information
Type Value
UUID 1ab0db8e-787e-48aa-8a0a-a4ea995f0f8c
Fingerprint 689f08c1b5528e36
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 14, 2024, midnight
Added to db Nov. 14, 2024, 2:15 a.m.
Last updated Dec. 11, 2024, 7:14 a.m.
Headline JPCERT/CC Eyes
Title ETW Forensics - Why use Event Tracing for Windows over EventLog? - - JPCERT/CC Eyes
Detected Hints/Tags/Attributes 34/2/12
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 62 JPCERT/CCブログ 英語版 https://blogs.jpcert.or.jp/en/atom.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 4282
github.com
Details Domain 220
learn.microsoft.com
Details Domain 7
www.geoffchappell.com
Details File 4
test.csv
Details File 29
www.geo
Details File 110
index.htm
Details Github username 23
jpcertcc
Details Url 1
https://github.com/jpcertcc/etw-scan
Details Url 1
https://learn.microsoft.com/en-us/windows/win32/etw/about-event-tracing
Details Url 1
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/logman
Details Url 1
https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/index.htm
Details Url 1
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/tracefmt