Cheat Sheet Hunting RDP Activities
Here’s a quick Cheat Sheet for hunting RDP connections on a machine or a DC. Please
Logs, Fun and Logs
Here’s a quick Cheat Sheet for hunting RDP connections on a machine or a DC. Please
As forensic analyst, we’re looking for different kind of information on a Windows system. Among the most popular ones, there are the event id related to connections on a computer. It allows to determine the time period between a user logon and a user logoff and thus looking for malicious activity around this dates and times. Of course, you must have identified a compromised user account before to start this kind of analysis.