How can I obtain file execution records from Windows logs using the command line?
You can retrieve process creation events (Event ID 4688) by running `wevtutil qe security /rd:true /f:text /q:"Event[System[(EventID=4688)]]"`. For program inventory logs, use `wevtutil qe Microsoft-Windows-Application-Experience/Program-Inventory`, and for telemetry logs, use `wevtutil qe Microsoft-Windows-Application-Experience/Program-Telemetry`. Note that Event ID 4688 auditing is disabled by default and must be enabled via Group Policy under Advanced Audit Configuration; until it is enabled, the first query returns no process creation events. For clearing individual log entries, refer to the article "Penetration Techniques - Deletion and Bypass of Windows Logs".