I need to know if anyone can inject events into the Event Viewer logs with an old date, how Event Viewer data is stored, and whether anyone can change it.
That would be a security violation: Falsification of data. – Raymond Chen Jan 24 '13 at 19:01
1 Answer
Obviously you can't do this on a running system, but the Windows Event Log format has been reverse engineered to the point that you could probably do it offline; perhaps somebody has written a tool for it. Here is one analysis.

Luke