Learn how to pull, parse and pivot Windows Event Logs like a pro SOC analyst. Urvesh shows GUI, CLI and bootable-USB methods so you never miss evidence, even when Windows is broken. Perfect for blue-teamers, incident responders and anyone chasing their first cybersecurity role.

TAKEAWAYS
Identify suspicious Event IDs (4624, 4625, 4688) in seconds
Build a repeatable triage flow for ransomware, brute-force and insider threats
Map findings to MITRE ATT&CK for reports that impress hiring managers

TIMESTAMPS
00:00 – 02:50 – Introduction
02:50 – 03:48 – Learn SIEM tools (like Vasu, Splunk)
03:48 – 07:22 – Begin with basics
07:22 – 08:20 – Windows Logs
08:20 – 01:23:05 – Windows Logs
09:47 – What is a log?
10:35 – Purpose
12:47 – Log analysis
14:00 – Event Viewer (first step)
16:04 – Why Command Prompt
17:50 – 3 segments
18:16 – Custom View
19:01 – Log categorization
24:13 – PowerShell
26:39 – Top 10 interview questions
32:19 – Common Event IDs
38:54 – XML views
44:00 – Warnings, errors
44:11 – Fundamental IDs
49:21 – Administrative Events
50:59 – Create a Custom View
53:20 – No SIEM tools
54:29 – Traditional Event IDs
55:32 – Sysmon (System Monitor)
59:19 – Enable Sysmon
01:07:44 – Sysmon IDs
01:15:05 – Is programming knowledge required?
01:16:51 – Books
01:23:05 – Hypothesis
01:24:55 – Interviewer thought
01:32:01 – VirusTotal
01:33:36 – Scenario 2 (PowerShell command)
01:35:38 – Future broadcast (how to map one practical to MITRE ATT&CK)
01:36:31 – schtasks

#socanalyst #infosec #loginvestigation #SOC #LogAnalysis #WindowsEventLogs #Cybersecurity #IncidentResponse