DNS

Default location Windows 2003:

C:\> %SystemRoot%\System32\Dns

Default location Windows 2008:

C:\> %SystemRoot%\System32\Winevt\Logs\DNS Server.evtx

Default location of enhanced DNS Windows 2012 R2:

C:\> %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl

Ref. https://technet.microsoft.com/en-us/library/cc940779.aspx

Enable DNS Logging:

C:\> DNSCmd /config /logLevel 0x8100F331

Set log location:

C:\> DNSCmd /config /LogFilePath <path to log file>

Set size of log file:

C:\> DNSCmd /config /logfilemaxsize 0xffffffff
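
What the logLevel value 0x8100F331 above switches on, as an added example that is not part of the original notes: it decodes a dnscmd logLevel bitmask using Microsoft's documented DNS_LOG_LEVEL flag values, lists required flags a configured value lacks, and checks whether packet logging can produce output at all. The function names, the sample value 0x6101 and the "one flag per group" rule (taken from the "select at least one" groups on the DNS Manager Debug Logging tab) are assumptions of this example.

```python
# Added example: decode and audit a Windows DNS Server debug-logging bitmask.
# Flag values are Microsoft's documented DNS_LOG_LEVEL_* constants.
LOG_LEVEL_FLAGS = {
    0x00000001: "QUERY",        0x00000010: "NOTIFY",
    0x00000020: "UPDATE",       0x00000100: "QUESTIONS",
    0x00000200: "ANSWERS",      0x00001000: "SEND",
    0x00002000: "RECV",         0x00004000: "UDP",
    0x00008000: "TCP",          0x00010000: "DS_WRITE",
    0x00020000: "DS_UPDATE",    0x01000000: "FULL_PACKETS",
    0x02000000: "UNMATCHED_RESPONSE",
    0x80000000: "WRITE_THROUGH",
}

# Assumption: packet logging needs at least one flag from each group,
# mirroring the "select at least one" groups in the Debug Logging tab.
REQUIRED_GROUPS = {
    "direction": {"SEND", "RECV"},
    "transport": {"UDP", "TCP"},
    "packet type": {"QUESTIONS", "ANSWERS"},
    "contents": {"QUERY", "NOTIFY", "UPDATE"},
}

def decode_log_level(value):
    """Return (names of set flags in bit order, leftover unknown bits)."""
    names, leftover = [], value & 0xFFFFFFFF
    for bit, name in sorted(LOG_LEVEL_FLAGS.items()):
        if leftover & bit:
            names.append(name)
            leftover &= ~bit
    return names, leftover

def missing_flags(value, required):
    """Return the required flag names that the value does not enable."""
    enabled, _ = decode_log_level(value)
    return sorted(set(required) - set(enabled))

def empty_groups(value):
    """Return the groups with no flag set; any entry means no packets are logged."""
    enabled = set(decode_log_level(value)[0])
    return sorted(g for g, flags in REQUIRED_GROUPS.items() if not flags & enabled)

if __name__ == "__main__":
    # 0x8100F331 is the value from the notes; 0x6101 is a constructed weaker value.
    for level in (0x8100F331, 0x6101):
        names, unknown = decode_log_level(level)
        print(f"{level:#010x}: {', '.join(names)} (unknown bits: {unknown:#x})")
        print("  missing vs. baseline:", missing_flags(level, ["ANSWERS", "TCP", "FULL_PACKETS"]))
        print("  groups with nothing selected:", empty_groups(level))
```

Run it against the LogLevel value read back from a server to confirm a hardening baseline was actually applied.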


Last updated 2 years ago