Note: this is a good question for code-challenge
Here is some executable code, but feel free to add other solutions in other languages:
Uptime can be a good indicator:
    net stats workstation | find /i "since"
Now associate this information with the ability to read Windows event logs, for example, in PowerShell:
    Get-EventLog -list | Where-Object {$_.logdisplayname -eq "System"}
Look for the latest Save Dump messages.
As Michael Petrotta said, WMI is a good way to get this information.
Depending on the uptime, you can make a query like:
    Set colEvents = objWMIService.ExecQuery _
        ("Select * from Win32_NTLogEvent Where LogFile = 'System' AND TimeWritten >= '" _
        & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
to easily detect an event log entry with the message "Save Dump" confirming the failure.
More details are in the Win32_NTLogEvent WMI class.
In fact, this Microsoft article, Querying the Event Log for Stop Events, gives you the full query:
    ' Connect to the WMI service on the local computer
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    ' Select the System log entries written by the Save Dump source
    Set colLoggedEvents = objWMIService.ExecQuery _
        ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'System'" _
        & " AND SourceName = 'Save Dump'")
    ' Print when each event was generated and its message text
    For Each objEvent in colLoggedEvents
        Wscript.Echo "Event date: " & objEvent.TimeGenerated
        Wscript.Echo "Description: " & objEvent.Message
    Next
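The uptime-bounded query described in the answer above, as an added PowerShell example that is not part of the original answer: it takes the last boot time from Win32_OperatingSystem, converts the window to the DMTF date strings that WQL compares TimeWritten against, and returns the matching Win32_NTLogEvent records. The function names are hypothetical, and the 'Save Dump' source name is taken from the answer and is an assumption for your Windows version.

```powershell
# Added example, not code from the original answer. Runs locally on Windows.
# Assumption: crash records are logged under the 'Save Dump' source named in
# the answer; pass -SourceName to match what your Windows version writes.

function ConvertTo-DmtfDateTime {
    # WQL compares TimeWritten against DMTF strings: yyyyMMddHHmmss.ffffff+UUU
    param([Parameter(Mandatory)][datetime] $Date)
    $utc = $Date.ToUniversalTime()
    $utc.ToString('yyyyMMddHHmmss.ffffff', [cultureinfo]::InvariantCulture) + '+000'
}

function Get-CrashEventSinceBoot {
    param(
        # Restrict the source name so it cannot break out of the WQL string literal.
        [ValidatePattern('^[\w .-]+$')]
        [string] $SourceName = 'Save Dump'
    )

    # The last boot time is the start of the query window (the "uptime" step).
    $boot  = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    $start = ConvertTo-DmtfDateTime -Date $boot
    $end   = ConvertTo-DmtfDateTime -Date (Get-Date)

    # Same shape as the answer's WQL: System log, one source, bounded by TimeWritten.
    $filter = "Logfile = 'System' AND SourceName = '$SourceName' " +
              "AND TimeWritten >= '$start' AND TimeWritten < '$end'"

    Get-CimInstance -ClassName Win32_NTLogEvent -Filter $filter |
        Sort-Object TimeWritten |
        Select-Object TimeWritten, EventCode, SourceName, Message
}

# Wrap in @() so a single result still has a Count.
$crashEvents = @(Get-CrashEventSinceBoot)
if ($crashEvents.Count -gt 0) {
    $crashEvents | Format-List
} else {
    'No crash-dump events recorded since the last boot.'
}
```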