
Lab Experiment #01 - System Event Logs

This document provides instructions for a lab experiment on learning about system logs in Windows. It outlines the steps to access the Event Viewer tool in Windows to view different types of logs, including application, system, and security logs. It describes how to filter logs and find details on specific error events. Students are tasked with reviewing critical event IDs in the Windows logs and documenting information about 10 events, including general details and mitigation steps found through online research.

Uploaded by

Katherine Pierce

IT System Security Lab Experiment 01

B. Tech CSF-CSE Semester II Course: IT Systems & Physical Security Code: CSSF 2109

Lab Objective: Learn About Logs

Tool:
• Windows OS
• Event Viewer

Steps to perform:

1. Start → type “Event Viewer” OR from “Control Panel” → Admin Tools → “Event Viewer”.

2. Events are placed in different categories, each of which corresponds to a log that Windows keeps of
events in that category.

3. Types of Events:
• Application: records events related to Windows system components → Drivers and built-in
interface elements.
• System: records events related to programs installed on the system.
• Security: When Security logging is enabled (this is off by default in Windows), this log records
events related to security, such as logon attempts and resource access.
• Setup
• Forwarded Events: records events written by other computers in the same network ("source
computers") that have forwarded their events to the "collector computer."
4. Types of events (Information, Warning, Error/Critical)

5. The details of each log entry can be checked in Event Viewer and searched online using its EVENT ID.

6. Check Vendor Portals (HP, Dell, Microsoft, …), Search Engines (Google, Yahoo, …) or the CVE Details
web portal (https://www.cvedetails.com/) for more information about the events.

7. You can also Filter Events to gather only CRITICAL Logs, then Save and Export the log to view on other
systems OR in another Log Analyzer.
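
The filter-and-export procedure from steps 5 to 7 can also be scripted; the PowerShell below is an added example, not part of the original lab sheet. It assumes a 30-day window and an output folder named EventLab under the user profile (both arbitrary choices), and it skips the Security log, which needs an elevated prompt and marks events with audit keywords rather than Critical/Error levels.

```powershell
# Added example: summarise Critical (Level 1) and Error (Level 2) events
# per log, source and Event ID, then export them for use on another system.
# Assumed values: 30-day window, output folder %USERPROFILE%\EventLab.
$logs   = 'Application', 'System', 'Setup'
$since  = (Get-Date).AddDays(-30)
$outDir = Join-Path $env:USERPROFILE 'EventLab'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$events = foreach ($log in $logs) {
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $since } `
        -ErrorAction SilentlyContinue
}

# One row per (log, source, Event ID), most frequent first.
$summary = $events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            WindowsLog = $latest.LogName
            Source     = $latest.ProviderName
            EventID    = $latest.Id
            Level      = $latest.LevelDisplayName
            Count      = $_.Count
            LastSeen   = $latest.TimeCreated
            # First line of the message is enough to start an online search.
            FirstLine  = ($latest.Message -split "`r?`n")[0]
        }
    }

if ($summary) {
    # Top 10 rows match the "list of 10 critical events" asked for in the lab.
    $summary | Select-Object -First 10 | Format-Table -AutoSize -Wrap
    $summary | Export-Csv -Path (Join-Path $outDir 'critical-events.csv') `
        -NoTypeInformation -Encoding UTF8
} else {
    Write-Host "No Critical or Error events since $since."
}

# Save a level-filtered copy of each log as .evtx (opens in Event Viewer elsewhere).
foreach ($log in $logs) {
    wevtutil epl $log (Join-Path $outDir "$log-critical.evtx") `
        '/q:*[System[(Level=1 or Level=2)]]' /ow:true
}
```

The CSV columns WindowsLog, Source and EventID map onto the first two columns of the activity table; the General Info and Mitigation Steps columns still have to be researched and written by hand.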

Lab #01 Activities File Work:

1. Perform this Experiment and make a list of 10 critical events you come across in the Windows Logs.

2. Review Critical Log Event IDs and learn about their mitigation steps as per the below table.

| Windows Log Source | Event ID | General Info | Mitigation Steps |
|---|---|---|---|
| | | Write in your own words about the event by searching vendor sites, search engines or CVE Details | Write in your own words about the event by searching vendor sites, search engines or CVE Details |
