Fun With Logs

Logs, Fun and Logs

Here’s a quick Cheat Sheet for hunting RDP connections on a machine or a DC. Please


As forensic analysts, we look for different kinds of information on a Windows system. Among the most popular are the event IDs related to connections to a computer. They let us determine the time period between a user logon and the matching user logoff, and thus look for malicious activity around those dates and times. Of course, you must have identified a compromised user account before starting this kind of analysis.
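Added example (not part of the original post): pairing each RDP logon of a given account with the logoff that shares its Logon ID, to get the session windows described above. It assumes the standard Windows Security log event IDs 4624 (logon), 4634 and 4647 (logoff) and logon type 10 (RemoteInteractive); the event records are constructed sample data, not a real log.

```python
# Constructed sample records mimicking an exported Windows Security log (not real data).
# Field names follow the EventData fields of events 4624 / 4634 / 4647.
SAMPLE_EVENTS = [
    {"time": "2023-03-01T08:02:11", "id": 4624, "user": "jdoe", "logon_id": "0x3E7A1",
     "logon_type": 10, "src_ip": "10.0.0.5"},
    {"time": "2023-03-01T08:40:00", "id": 4624, "user": "jdoe", "logon_id": "0x3F000",
     "logon_type": 2, "src_ip": "-"},                      # interactive, not RDP
    {"time": "2023-03-01T09:15:43", "id": 4647, "user": "jdoe", "logon_id": "0x3E7A1",
     "logon_type": None, "src_ip": None},                  # user-initiated logoff
    {"time": "2023-03-01T22:30:05", "id": 4624, "user": "jdoe", "logon_id": "0x51AB2",
     "logon_type": 10, "src_ip": "203.0.113.9"},           # no logoff recorded
]

RDP_LOGON_TYPE = 10          # LogonType 10 = RemoteInteractive (RDP)
LOGOFF_EVENT_IDS = (4634, 4647)


def rdp_sessions(events, user):
    """Return (start, end, source_ip) tuples for every RDP logon of `user`.

    A 4624 with logon type 10 opens a session keyed by its Logon ID; the first
    4634/4647 carrying the same Logon ID closes it. Sessions with no matching
    logoff (still open, or the log rolled over) are returned with end=None, so
    they are not silently dropped from the timeline.
    """
    open_sessions = {}
    sessions = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["user"].lower() != user.lower():
            continue
        if e["id"] == 4624 and e["logon_type"] == RDP_LOGON_TYPE:
            open_sessions[e["logon_id"]] = e
        elif e["id"] in LOGOFF_EVENT_IDS and e["logon_id"] in open_sessions:
            start = open_sessions.pop(e["logon_id"])
            sessions.append((start["time"], e["time"], start["src_ip"]))
    for start in open_sessions.values():
        sessions.append((start["time"], None, start["src_ip"]))
    return sorted(sessions)


if __name__ == "__main__":
    for start, end, ip in rdp_sessions(SAMPLE_EVENTS, "jdoe"):
        print(f"RDP session from {ip}: {start} -> {end or 'no logoff found'}")
```

The returned windows are the time periods to scrutinise in other sources (process creation, file access, lateral movement) for the compromised account.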


