EVTX Long Tail Analysis

Bob · May 10, 2020, 5:17pm

I have loaded the module for EVTX analysis and I get two results:

Windows Event Logs
Windows Event Logs Long Tail Analysis

How are the items in the long tail analysis determined? Is it just a count of EventIDs? I want to make sure I understand it.

This is a great module - Thanks!!

Bob

Mark_McKinnon · May 10, 2020, 6:48pm

The long tail analysis is a count of distinct Event id’s per event log.

Topic		Replies	Views
ingesting evtx files Autopsy Help	1	831	March 1, 2021
E-mail parser module does bring any results Autopsy Help	2	481	July 18, 2020
Count all files Autopsy Help	2	928	October 29, 2021
Data Summary "Unknown" File Type Category Autopsy Help	2	43	April 9, 2024
Question about email Autopsy Help	3	1250	November 13, 2020