Windows Event Logs & Finding Evil - Skills Assessment

Event Viewer needs to be opened first, then mentioned evtx. opened as “Open Saved Logs”, proper event ID mentioned here filtered out and there will be only single occurrence with, .exe name starts with “W”.

2 Likes

Pls bro I’m still finding it hard to get through with this chainsaw tool what’s the command to use pls I have done the renaming part just the right word to use after ./chainsaw hunt pls

Pls what’s the event id to search pls its 1 or 10 or 12, am also stuck with this one below :point_down:

By examining the logs located in the “C:\Logs\Dump” directory, determine the process that performed an LSASS dump. Enter the process name as your answer. Answer format: _.exe

Pls have anyone solve this question and if yes which event can one filter to get the info just the event

Hi CipherCHi1, I don’t remember now, proper Event ID was mentioned durign the couse (in this or previous modules) or in this thread.

1 Like

Thanks I figure it out it’s in event 8

1 Like