EventLog: Who and when restarted/shutdowned computer

Here the Sysem event ID's that shows computer restart/shutdown and when started on all Windows family Windows 2003/XP, Windows Vista/7/2008, Windows 8/10/2012:

1074, 6005

Here typical example of Evend ID 1074 generated after windows updates install and automatically restart(shows time, user, type):

Log Name:      System
Source:        User32
Date:          2/28/2016 1:57:06 AM
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      COMPUTERNAME.DOMAIN
Description:
The process C:\Windows\system32\svchost.exe (COMPUTERNAME) has initiated the restart of computer COMPUTERNAME on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)
 Reason Code: 0x80020002
 Shutdown Type: restart


Here typical example of Evend ID 6005 generated whane computer starts(shows time):

Log Name:      System
Source:        EventLog
Date:          2/28/2016 1:59:18 AM
Event ID:      6005
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      COMPUTERNAME.DOMAIN
Description:
The Event log service was started.


Estimated computer downtime can be calculated from time differences between Date fields in both example logs:
1:57:06 AM minus 1:59:18 AM = 2 min 6 sec

Official MS information on 6005 and 1074 ID's.

/Geecoholic