網路上找到的資源 http://www.deer-run.com/~hal/IREventLogAnalysis.pdf IREventLogAnalysisDownload IREventLogAnalysis.pdf

EventTranscript.db vs .rbs Files and Their Relation to DiagTrackEventTranscript.db provides both a potential boon and challenges for forensic investigations. Read more. Forensically Unpacking EventTranscript.db: An Investigative SeriesKroll has been conducting extensive research on the depth and breadth of the contents of EventTranscript.db. Read more. Forensic Quick Wins with EventTranscript.DB: Win32kTraceLoggingEventTranscript.db contains many events of varying interest to DFIR examiners. Some of the most forensically relevant Event Names explored by Kroll. Read more. Parsing Diagnostic Data With Powershell and Enhanced LoggingEventTranscript.db...