How to optimize Windows event logging to better investigate attacks

After a compromise, the first thing investigators will do is review the log files. The default logging on Windows machines, however, does not capture enough information to identify forensic artifacts. You can adjust your logging settings to get enough information to investigate attacks.

To read this article in full, please click here

(Insider Story)