For information on our event policies, see https://isaca-gwdc.org/event-policies/.

  • This event has passed.

PowerShell® Workshop: Auditing and Monitoring Windows Logs

November 1 @ 8:30 am - 2:00 pm EDT

GWDC Member $100, Non-GWDC Member $150

Audit logs are an invaluable resource to identify activities that have occurred on a system. Logs are analyzed for a wide variety of reasons, from researching system performance issues to responding to a cyberattack. While there are a variety of software applications designed to ingest and analyze logs, they can often be expensive.

PowerShell provides an alternative for viewing and analyzing Windows logs. PowerShell contains built-in commands to view and search logs on local systems. In addition, its data analysis capabilities provide the ability to import and analyze Windows log files (e.g., evtx files). Since PowerShell is installed on all Microsoft systems, it is a free platform to build log analysis scripts for specific use cases.

This one-day hands-on workshop will cover the PowerShell commands and steps needed to build scripts for auditing and monitoring Windows logs. The course will also provide examples of use cases for auditing and monitoring Windows log files. This course builds on the concepts presented in the PowerShell Workshop: Basics.

This workshop is an excellent opportunity for those who are new to using PowerShell to work with Windows log files. It is also a great opportunity for those familiar with PowerShell’s Windows log commands to refresh and practice their skills.

Registration closes on October 31, 2024 @ 8pm.

 

Agenda

  • Course Introduction
  • Basics of PowerShell’s Windows log commands.
  • Commands and hands-on exercises to query Windows log data using PowerShell commands.
  • Commands and hands-on exercises to import data from Windows log files (.evtx files).
  • Commands and hands-on exercises for log use cases.
  • Commands and hands-on exercises for exporting data into CSV files.
  • PowerShell resources and recap

 

Additional Course Details

Hands-on Lab Exercises

Each student will be provided access to a Windows Server to use during the course. The server will be hosted on the Azure Lab Services platform.

The server will be accessed using Windows Remote Desktop. Therefore, on the course dates, students will need to use a Windows-based computer that permits use of the Remote Desktop protocol.

An email will be sent to each student this evening with instructions on accessing the virtual server. Students are encouraged to register and follow the instructions to access the virtual server prior to the start of the seminar.

Each lesson in the course has practice commands to use during the lesson and practice exercises to reinforce lesson concepts. All lesson materials will be pre-loaded onto each student’s virtual server.

 

Materials Provided During the Seminar

Each student attending the seminar will be provided:

  • Presentation materials
  • PowerShell scripts for each lesson
  • Access to the virtual server for up to 10 hours after the course ends for additional practice
  • Link to the seminar recording, good for 30 days after the seminar

 

Instructor

Mike Howard
CISA, MBA

Mike Howard is an experienced IT auditor with over 29 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies, including mainframes, Unix environments, Active Directory, databases, Cisco devices, and Windows computers. Mike embraces innovative technologies to accomplish his audits, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell, he’s written over 300 PowerShell scripts.

Mike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 17+ years, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties, including creating web pages, calculating CPE credits, and updating membership rosters.

Mike has a B.S. in Accounting from Old Dominion University and a Master's in Business Administration from George Mason University.

 

Virtual Meeting Information

  • This event will be presented through Zoom. The instructor will send an email with the Zoom link prior to the event.
  • Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
  • Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
  • The ISACA Greater Washington, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.

 

Event Questions and Policies

Registration Questions

If you have any registration questions about this event, please contact the chapter using the Registration Contact Form.

If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.

 

Cancellation and Refund Policy

Cancellations and refunds for advance registrations are allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.

If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.

 

Complaint Policy

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.

 

CPE Information

Earn up to 6 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org

 

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

 

Learning Objectives

After completing this course, students will have skills to use PowerShell to obtain data from Windows logs and perform basic use cases. Specifically, students will be able to:

  • Query Windows log data from a Windows operating system.
  • Import Windows log .evtx files.
  • Analyze, reformat, and export Windows log data.

 

CPE-Related Details

  • Prerequisites: Students should have a general understanding of PowerShell commands and be familiar with Windows Logs.
  • Advance Preparation: The instructor will provide materials in advance of the course. The instructor will also provide credentials to access a virtual server several days in advance of the course. Students should log onto the server and share any issues with the instructor in advance of the course.
  • Program Knowledge Level: Intermediate
  • Delivery Method:  Group Internet Based
  • Field of Study:  Information Technology – Technical

Details

Date:
November 1
Time:
8:30 am - 2:00 pm EDT
Cost:
GWDC Member $100, Non-GWDC Member $150

Venue

Virtual Event

Organizer

Clifton Persaud (Certifications Program and Special Assistance Requests)
Email
certifications@isaca-gwdc.org

ISACA GWDC