Hello Reader,
I was going back through default event logs when I ran across an event log for VHD actions that was described in Harlan Carvey's Windows Forensic Analysis Toolkit. There is an event log named "Microsoft-Windows-VHDMP-Operational.evtx" that contains entries from creating, provisioning and mounting/unmounting VHDs.
If I was aware of this I must have forgotten, but it was something I thought would be useful for the future, so I decided to document it here. Here is an example of a VHD being attached to my Windows 10 system.