Skip to main content

How to determine when was the last time the machine was rebooted from exported System Windows Event log

By

How to determine when was the last time the machine was rebooted from exported System Windows Event log

Exported System Windows Event log provides a ton of useful information for digital forensics. One useful information that might be of importance is knowing when was the last time that the machine was (re)started. 


To find when it was last (re)started, sort on the Date and Time column and then look for Source is Kernel-General and EventID is 12, see below for reference.


REF:3
Labels:

Comments

Post a Comment

Popular posts from this blog

The following add-ins could not be started MonoDevelop.GnomePlatform

By
Installing MonoDevelop in OpenSUSE 12.2 from its repository was very easy. When running it for the first time though I got the message: The following add-ins could not be started: The root of the trace shows MonoDevelop.GnomePlatform,2.8 A quick search shows that MonoDevelop depends on libgnomeui . This should have been part of dependencies when installing the application but well.... Below is the screen shot of the error message. References: http://software.1713.n2.nabble.com/MonoDevelop-and-openSUSE-12-1-td7462957.html [2013/04/09] - Same issue observed in OpenSUSE 12.3 and also the same fix. [2014/11/02] - Same issue observed in OpenSUSE 13.3, mondevelop 3.0.6 and the same fix.
21 comments
Read more

Error! Could not locate dkms.conf file install VirtualBox 4.1.8 on Ubuntu 11.10

By
Tried to update my Ubuntu host today and it did pickup that new version of VirtualBox is available (4.1.8). All other packages installed properly except that VirtualBox installation was complaining about missing dkms.conf file, see error message below. $: sudo /etc/init.d/vboxdrv setup * Stopping VirtualBox kernel modules [ OK ] * Uninstalling old VirtualBox DKMS kernel modules Error! Could not locate dkms.conf file. File: does not exist. [ OK ] * Trying to register the VirtualBox kernel modules using DKMS [ OK ] * Starting VirtualBox kernel modules [ OK ] Though it looks like installation was fine but I am concerned about its effects to VirtualBox functionality. To fix this, do: $: cd /var/lib/dkms/vboxhost $: sudo rm -r 4.1.4 $: sudo /etc/init.d/vboxdrv setup Of course you have to re
11 comments
Read more