Thursday, June 24, 2010

Covert Analysis II (Forensics)

On LON-WEB1, open the Event Viewer MMC snap-in, select the System log, then choose Save Log File As and save the System event log under another name:
Example: C:\Backup\SysEvent-Backup.evt

From LON-WEB1, send the SysEvent-Backup.evt file to the CHFI-XP2 machine:

D:\Forensics\Netcat> nc -v 131.107.1.254 99 < C:\Backup\SysEvent-Backup.evt

From the CHFI-XP2 machine, receive the file (start this listener before sending from LON-WEB1; -L keeps the Windows netcat listening after the client disconnects, and -w 60 closes it after 60 seconds of inactivity):

C:\Tools\Netcat> nc -v -L -p 99 -w 60 > E:\Evidence\SysEvent-Backup.evt

To analyze:

On CHFI-XP2, open Event Viewer and load the file to view the events.
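Netcat gives no integrity guarantee, so before loading the received copy it is worth hashing it (and comparing with a hash taken on LON-WEB1) and checking that it is a structurally complete classic .evt file: the 48-byte EVENTLOGHEADER with its LfLe signature, the dirty flag (set on logs copied while live, which Event Viewer reports as corrupt), and the ELF_EOF_RECORD at EndOffset, which a truncated transfer loses. This Python script is an added example, not part of the lab; the sample log it builds is constructed, and the file path and expected digest passed to verify_evidence are assumptions.

```python
import hashlib
import struct

EVT_SIGNATURE = 0x654C664C   # the ASCII bytes "LfLe" read as a little-endian ULONG
HEADER_DIRTY = 0x0001        # ELF_LOGFILE_HEADER_DIRTY: the log was still open for writing
EOF_MAGIC = struct.pack("<5I", 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444)

def evt_problems(data):
    """Return a list of problems found in a classic .evt image (empty list = looks sound)."""
    if len(data) < 48:
        return ["file shorter than the 48-byte EVENTLOGHEADER"]
    (hdr_size, sig, _major, _minor, start_off, end_off, _cur_rec, _oldest_rec,
     _max_size, flags, _retention, end_hdr_size) = struct.unpack("<12I", data[:48])
    if hdr_size != 0x30 or end_hdr_size != 0x30 or sig != EVT_SIGNATURE:
        return ["header size/signature mismatch: not a classic .evt file"]
    problems = []
    if flags & HEADER_DIRTY:
        problems.append("dirty flag set: copied while live, not saved from Event Viewer")
    # The oldest record lives at StartOffset and its second ULONG is the LfLe signature.
    if start_off + 8 > len(data) or struct.unpack_from("<I", data, start_off + 4)[0] != EVT_SIGNATURE:
        problems.append("no record signature at StartOffset")
    # EndOffset points at the 40-byte ELF_EOF_RECORD; a truncated transfer loses it.
    if data[end_off:end_off + 20] != EOF_MAGIC:
        problems.append("ELF_EOF_RECORD missing at EndOffset: transfer truncated?")
    return problems

def verify_evidence(path, expected_sha256):
    """Hash the received file, compare with the digest taken on the source host, then check structure."""
    with open(path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).hexdigest()
    problems = [] if digest == expected_sha256.lower() else ["SHA-256 differs from source copy"]
    return digest, problems + evt_problems(data)

def build_sample_evt(dirty=False):
    """Constructed minimal .evt: header, one 64-byte record, EOF record (not a real SysEvent dump)."""
    rec_len = 64
    record = struct.pack("<6I4H6I", rec_len, EVT_SIGNATURE, 1, 0, 0, 7036,   # Length .. EventID
                         4, 0, 0, 0,                                         # EventType .. ReservedFlags
                         0, 56, 0, 0, 0, 0)                                  # ClosingRecordNumber .. DataOffset
    record += b"\x00" * (rec_len - 60) + struct.pack("<I", rec_len)          # padding, trailing Length
    eof = EOF_MAGIC + struct.pack("<5I", 48, 48 + rec_len, 2, 1, 0x28)
    header = struct.pack("<12I", 0x30, EVT_SIGNATURE, 1, 1, 48, 48 + rec_len,
                         2, 1, 48 + rec_len + 40, HEADER_DIRTY if dirty else 0, 0, 0x30)
    return header + record + eof

if __name__ == "__main__":
    print(evt_problems(build_sample_evt()))          # []
    print(evt_problems(build_sample_evt()[:-40]))    # EOF record missing: truncated transfer
```

On the real evidence call verify_evidence(r"E:\Evidence\SysEvent-Backup.evt", "<sha256 taken on LON-WEB1>") and load the file in Event Viewer only when the returned problem list is empty.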
