processing bsod
As BSOD event logs are viewed, it seems the log grows and grows, contaminating new event logs with the old ones.
Today when I viewed an event log it displayed:
Event[32864]:
  Log Name: System
  Source: Microsoft-Windows-Kernel-General
  Date: 2017-05-31T23:01:46.889
  Event ID: 16
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-21-760910800-1409565556-4028094100-1001
  User Name: DESKTOP-3JKT9I9\degra
  Computer: DESKTOP-3JKT9I9
  Description: The access history in hive \??\C:\Users\defaultuser0\NTUSER.DAT was cleared updating 841 keys and creating 53 modified pages.
The above event log number: Event[32864]:
How do you clean up the event logs so that each BSOD analysis is not contaminated by earlier viewing?
1) After using the debugger what is the first log that you generally start with?
2) When you start analyzing a BSOD, what are the steps that you take with each of the logs?
3) When you view logs, which find terms do you usually use?
4) Where do you find on the web site/tutorials the list of drivers?
5) Which log file typically has information on whether Windows is authentic or pirated? And what do you search for to make this conclusion?