Windows DNS analytical log Event Viewer EventID 261 first reply
| | | | |

Windows DNS logging

Preface Windows DNS logging is NOT our recommended method to collect DNS request and reply transaction for continuous security monitoring. However, sometimes we do not have an option, especially when Windows DNS debug/analytics log is the only available data source during IR investigation. In the first part of this post, we will discuss the Windows…