killchain-compendium/Forensics/Windows Event Logs.md

# Windows Event Log

## Dump Logfile

Windows Event Logfiles can be dumped via
```sh
evtx_dump $EVENT_LOG > event.log
evtx_dump -o json $EVENT_LOG > event.log
```
bump 2023-02-26 21:45:17 +01:00			`# Windows Event Log`

			`## Dump Logfile`

			`Windows Event Logfiles can be dumped via`
			```sh
			`evtx_dump $EVENT_LOG > event.log`
			`evtx_dump -o json $EVENT_LOG > event.log`
			```