0

I'm looking to start a service where I collect Windows events from consumer computers over an SSL link (https), but I want to make sure that extremely sensitive information wouldn't be contained in the data (especially if a hacker got a hold of the information).

Gabriel Graves

2 Answers

8

We can't answer that. Applications can put whatever they want into the logs; you could write a key logger that logged every keystroke on the system into the event log, or a web app that dumped every user's plaintext password into a log entry.

You also haven't defined what "extremely sensitive" means to you. By default, Windows isn't logging anything that most people would consider "extremely sensitive", but in certain environments, account names of users or IP addresses of systems are considered extremely sensitive.

Logs are just as sensitive as the data that's in them; that's the best answer we can give you.

Shane Madden
  • I actually never thought about how vague my question was. Thanks! – Gabriel Graves Jul 15 '12 at 06:14
  • 1
    Also, bear in mind that in any decent-sized environment, your logs will probably contain a few account passwords from when someone put their password in the username field by mistake, so they're generally some kind of sensitive, but how sensitive is not answerable. – HopelessN00b Jul 16 '12 at 12:43
0

I saved several Windows event logs - Application (error and information) - and looked at them through AkelPad (mostly reports about a messenger's crash).

The .mta files contain the names and paths of libraries and temporary files, as well as attached dump files (which were no longer available at that moment). All this can also be seen through the Event Viewer.

The .evtx file contains the name of my Microsoft account (e-mail). This is not shown if you open this file through the Event Viewer. Everything else is partly a copy from the .mta files.

I did not find traces of my correspondence, passwords and sent photos.

Also, here it tells how to edit the file using a hex editor and a checksum calculation program.
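The answers above name account names, IP addresses, e-mail addresses and passwords mistyped into the username field as things that end up in event logs. As an added example (not code from either answerer), here is a scrubbing pass a collector could run over events rendered as XML before sending them; the field list, the use of event ID 4625 (failed logon) as the trigger and the sample events are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ET.register_namespace("", NS["e"])
# Named fields redacted wholesale; this list is an assumption, extend it per environment.
SENSITIVE_FIELDS = {"TargetUserName", "SubjectUserName", "IpAddress", "WorkstationName"}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def scrub_text(text):
    """Redact e-mail and IPv4 addresses in free-form event data."""
    return IPV4.sub("[ip]", EMAIL.sub("[email]", text))

def scrub_event(xml_text, known_accounts=()):
    """Return (scrubbed_xml, notes) for one event rendered as XML."""
    known = {a.lower() for a in known_accounts}
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    notes = []
    for data in root.iterfind("e:EventData/e:Data", NS):
        name, value = data.get("Name"), data.text or ""
        if name in SENSITIVE_FIELDS:
            # A failed logon (4625) for a name that is not a real account may be
            # a password typed into the user name field.
            if event_id == "4625" and name == "TargetUserName" and value.lower() not in known:
                notes.append("possible password in user name field")
            data.text = "[redacted]"
        else:
            data.text = scrub_text(value)
    return ET.tostring(root, encoding="unicode"), notes

# Constructed sample events (not taken from a real system).
SAMPLE_LOGON = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><Channel>Security</Channel></System>
  <EventData>
    <Data Name="TargetUserName">Tr0ub4dor&amp;3</Data>
    <Data Name="IpAddress">192.0.2.44</Data>
    <Data Name="LogonType">2</Data>
  </EventData>
</Event>"""
SAMPLE_APP = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1000</EventID><Channel>Application</Channel></System>
  <EventData><Data>Sync failed for jane.doe@example.com</Data></EventData>
</Event>"""

if __name__ == "__main__":
    for sample in (SAMPLE_LOGON, SAMPLE_APP):
        scrubbed, notes = scrub_event(sample, known_accounts={"alice", "bob"})
        print(scrubbed, notes)
```

Pattern-based scrubbing only catches what it has a pattern for, so free-text fields written by third-party applications can still carry data this pass does not recognise.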