Using GFI EventsManager for forensic analysis

GFI EventsManager enables you to perform thorough investigations when incidents occur. This is done using the drill-down, filtering and sorting capabilities available from the Events Browser. For more information refer to Using the Events Browser.

At this stage we recommend you become familiar with the views and filters in the browser by following these steps:

  • From the Windows Events view, sort events by clicking the column names in the grid.
  • From the Properties panel on the right side of the window, select Fields view. Click any field value to drill down into the event data.
  • To create a custom view, right-click a value and select Create Query From Field.
  • To customize the view, open Properties and choose Edit. Check the fields available for you. For more information refer to Customizing Events Browser layout.