Viewing a corrupt security event log
I don't need help fixing the event viewer. I need help opening a saved security event log that was corrupt. I need to be able to review the log. Does anyone have any ideas how I can do this? I receive a "The data is invalid" error message when attempting to open the SecEvent.Evt file.
J. Swann Information Security Engineer
September 28th, 2012 2:32pm
Follow the procedure here
http://www.stevebunting.org/udpd4n6/forensics/repaireventlogfile.htm
Rgds
Milos
September 28th, 2012 4:03pm
Thanks, I did see that. I couldn't get beyond step 1. My log did not return any results for the hex value mentioned.
J. Swann Information Security Engineer
September 28th, 2012 4:12pm
Hi,
Please check if PsLogList can help you.
Please also note that you may need administrator privileges to read the Security event log.
Hope this helps.
Jeremy Wu
TechNet Community Support
October 1st, 2012 2:30pm
No mas. That utility is only helpful for healthy logs. When I attempted to run it against the corrupt log file it simply stated:
SecEvent.Evt:
Could not open SecEvent.Evt event log on <hostname>:
The event log file is corrupted.
J. Swann Information Security Engineer
October 9th, 2012 2:40pm