System Logs missing
Started by knoxmda, Mar 29 2005 10:20 AM
#1
Posted 29 March 2005 - 10:20 AM
I am looking at a computer here that has a block of dates missing in the system log, from 3-03-05 thru 3-22-05. Any ideas as to how someone could clean out just part of the log?
#2
Posted 29 March 2005 - 12:07 PM
The most obvious answer is that there was a problem with either the event log or remote procedure call service during that time, and thus events were not recorded.
Do you suspect skullduggery? I've never given it much thought, but there are 3rd party programs that can read and export the event log...perhaps there is one that can export, edit it, then import it.
#3
Posted 29 March 2005 - 12:40 PM
That is what I'm starting to think. Wouldn't I see RPC errors in the event viewer? If it were someone actually deleting it?
#4
Posted 29 March 2005 - 12:44 PM
Normally, yes, but given the number of nasty things that have used the RPC service in the past year, it could have been some strange convergence of issues.
Or maybe they didn't turn on their machine for a while?
#5
Posted 29 March 2005 - 01:05 PM
What I thought at first, yet Symantec antivirus ran every day. Doesn't it need RPC for it to work? The APP log is complete.
#6
Posted 29 March 2005 - 03:08 PM
Has anyone run a system restore? Selective Backup?
#7
Posted 29 March 2005 - 05:12 PM
Not that I see. Win 2000, don't believe it's got a rollback feature. This is a good one, one reason I brought it to this forum.
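An added example, not part of the thread: one way to triage a gap like the one discussed, assuming each log has been exported as (record number, timestamp, event ID) rows. The sample rows are constructed, and the verdicts are heuristics of this example, based on per-log sequential record numbers and the Event Log service's stop/start events (6006, 6005/6009).

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample exports: (record_number, time, event_id). Not data from the thread.
SYSTEM_LOG = [
    (4101, ts("2005-03-01 08:02"), 6005),
    (4102, ts("2005-03-02 17:31"), 7036),
    (4103, ts("2005-03-23 08:05"), 7036),
    (4104, ts("2005-03-23 08:06"), 7035),
]
APPLICATION_LOG = [
    (900, ts("2005-03-02 12:00"), 16),
    (901, ts("2005-03-10 12:00"), 16),
    (902, ts("2005-03-18 12:00"), 16),
    (903, ts("2005-03-23 12:00"), 16),
]

def find_gaps(records, threshold=timedelta(days=2)):
    """Return every silence longer than threshold, walking in record-number order."""
    recs = sorted(records)
    gaps = []
    for (n0, t0, id0), (n1, t1, id1) in zip(recs, recs[1:]):
        if t1 - t0 > threshold:
            gaps.append({
                "start": t0, "end": t1,
                "missing_records": n1 - n0 - 1,       # skipped record numbers
                "shutdown_before": id0 == 6006,       # Event Log service stopped
                "startup_after": id1 in (6005, 6009), # service started / boot banner
            })
    return gaps

def assess(gap, other_log):
    """Heuristic reading of one gap, cross-checked against a second log."""
    active = sum(1 for _, t, _ in other_log if gap["start"] < t < gap["end"])
    if gap["missing_records"] > 0:
        return "records-absent"      # numbers skip: entries existed and are gone
    if gap["shutdown_before"] and gap["startup_after"] and active == 0:
        return "machine-off"         # clean stop/start and nothing logged anywhere
    if active > 0:
        return "system-log-silent"   # machine was up, System log recorded nothing
    return "inconclusive"

if __name__ == "__main__":
    for g in find_gaps(SYSTEM_LOG):
        print(g["start"], "->", g["end"], assess(g, APPLICATION_LOG))
```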