Hello and welcome to this follow-up blog on ETW. If you haven’t read the first part, I highly suggest you do, because this post builds directly on the concepts introduced there. (Link below)
Last time we talked about ETW and its different components. This time I thought I’d take a look at some of the providers out there. With more than 1000+ providers available by default, I started researching interesting events that can help us during detection and forensic investigations.