Re: @brucon, consider taking my 2hr workshop: “EID 1102 - The audit log was cleared” won’t stop me: Advanced Windows Event Log Forensics
@williballenthin
Re: @brucon, consider taking my 2hr workshop: “EID 1102 - The audit log was cleared” won’t stop me: Advanced Windows Event Log Forensics