Help & How-to
- Overview
- Main Menu
- Analysis Parameters
- Tags
- Data Groups
- Client Control
- Calendar
Tags: Information
Records are marked with special characters located in the field Tag of the respective record.
Characters common for all data groups:
-
(or "*") -
means that Windows was not shutdown properly (system crash, reset button, power outage, etc).
- "?" - means that no users were logged on to Windows (i.e. Windows was logged off).
-
(or "!") -
marks the first event after user logged on to Windows (i.e. after Log on event). The same applies to Log off event.
For instance, the first process, the first printed document, etc.
- "-" - marks the deleted records. It applies while editing database.
-
(or "^") -
marks current records, i.e. records collected during current Windows session. Those records have not been added to
databases yet and are stored in temporary files.
- ">" - means that the record was logically divided into several parts and this particular line is the first logical part.
- "<" - means that the record was logically divided into several parts and this particular line is the middle (or the last) logical part of the record.
How this division works: new day adds new part.
Example:
Let's say that computer was turned on at 1pm January the 1st, 2000 and was turned off at 3pm January the 3rd, 2000.
Then you will see the following records:
| Date | Start | Finish | |
| > | 1/1/2000 | 13:00:00 | 23:59:59 |
| < | 2/1/2000 | 0:00:00 | 23:59:59 |
| < | 3/1/2000 | 0:00:00 | 15:00:00 |
Special characters specific for certain data groups:
Processes:
(or "~") -
marks the information regarding the process windows.
Modem:
"#" - marks failed connection attempts.