During an investigation, the Windows Event Logs are examined because they record a comprehensive range of system and user activity. The built-in "Event Viewer" tool (eventvwr.msc) is the simplest way to browse them.
Event log analysis often yields evidence such as:
- Service start and stop
- Changes to user privileges
- Failed login attempts
These are among the most basic actions seen in almost any intrusion, so event log analysis is essential for establishing the root cause of an attack.
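The three kinds of evidence listed above, as an added PowerShell example that is not part of the original page: it queries the Security and System logs (the same data Event Viewer displays) with Get-WinEvent. The function names, the seven-day window in $Since and the way fields are read out of each event are assumptions of this example; the event IDs are the standard Windows ones.

```powershell
# Added example, not part of the original page: pull the three kinds of
# evidence listed above out of the Security and System logs with Get-WinEvent.
# Run from an elevated prompt: reading the Security log requires administrator rights.
# $Since is an assumed investigation window; set it from the incident timeline.
$Since = (Get-Date).AddDays(-7)

# Helper (assumed name): turn an event's EventData into a hashtable keyed by
# field name, so fields are read by name rather than by fragile Properties[] index.
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $data = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    return $data
}

# 1. Failed logons (Security 4625): which accounts were targeted, from where,
#    and how often. Many failures for one account from one source suggests
#    password guessing; many accounts from one source suggests spraying.
function Get-FailedLogons {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = Get-EventData $_
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Account   = $d.TargetUserName
                Source    = $d.IpAddress
                LogonType = $d.LogonType   # 2 = interactive, 3 = network, 10 = RDP
            }
        } | Group-Object Account, Source | Sort-Object Count -Descending |
        Select-Object Count, Name -First 10
}

# 2. User privilege changes: 4672 (special privileges assigned to a new logon,
#    i.e. an admin-equivalent session started) and 4728/4732 (a member added to
#    a security-enabled global / local group, e.g. Administrators).
#    4672 is noisy: it also fires for SYSTEM and computer accounts, so drop those.
function Get-PrivilegeChanges {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4672, 4728, 4732; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = Get-EventData $_
            if ($d.SubjectUserName -eq 'SYSTEM' -or $d.SubjectUserName -like '*$') { return }
            if ($_.Id -eq 4672) { $detail = $d.PrivilegeList }
            else { $detail = "$($d.MemberName) -> $($d.TargetUserName)" }   # member -> group
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Id      = $_.Id
                Subject = $d.SubjectUserName   # who performed the action
                Detail  = $detail
            }
        }
}

# 3. Service start/stop (System 7036, Service Control Manager) and new service
#    installation (System 7045), the usual footprint of service-based
#    persistence or of remote execution tools that install a temporary service.
function Get-ServiceChanges {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7036, 7045; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = Get-EventData $_
            if ($_.Id -eq 7036) {
                # 7036 carries the service display name in param1 and the new state in param2
                $service = $d.param1
                $detail  = $d.param2
            } else {
                $service = $d.ServiceName
                $detail  = "installed: $($d.ImagePath) (start type $($d.StartType), account $($d.AccountName))"
            }
            [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Service = $service; Detail = $detail }
        }
}

Get-FailedLogons     | Format-Table -AutoSize
Get-PrivilegeChanges | Format-Table -AutoSize -Wrap
Get-ServiceChanges   | Format-Table -AutoSize -Wrap
```

Two caveats a practitioner should keep in mind. First, Security events are written only when the matching audit subcategory is enabled; `auditpol /get /category:*` shows the current policy, and an absent 4625 or 4728 may mean auditing was off rather than that nothing happened. Second, the Security log on a busy host wraps within days, so preserve it early in the investigation (for example with `wevtutil epl Security C:\case\Security.evtx`) and run the queries against the saved copy with `-Path` instead of `-LogName`.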
Windows systems have three main event logs: Application, System and Security.
The Application log holds records written by applications running on the system. For example, errors reported by an antivirus product installed on the system are found here.
Another example is the records written by edgeupdate, the Microsoft Edge update service: