Investigate malicious logon with LogonTracer

LogonTracer helps digital forensics analysts investigate malicious logons by visualizing and analyzing Windows Active Directory event logs. The tool uses PageRank and ChangeFinder to detect malicious hosts and accounts from the event log. It can visualize the following event IDs related to Windows logon, based on this research:

  • 4624: Successful logon
  • 4625: Logon failure
  • 4768: Kerberos Authentication (TGT Request)
  • 4769: Kerberos Service Ticket (ST Request)
  • 4776: NTLM Authentication
  • 4672: Assign special privileges
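
As an added illustration (not LogonTracer's own code), the sketch below runs weighted PageRank over an account-to-host graph built from the event IDs listed above. The undirected edges, the event-count weights, and the sample records are assumptions constructed for this example.

```python
from collections import defaultdict

LOGON_EVENT_IDS = {4624, 4625, 4768, 4769, 4776, 4672}  # IDs listed on the page

# Constructed sample records (event_id, account, host); not real log data.
SAMPLE_EVENTS = [
    (4624, "alice", "WS01"), (4624, "alice", "WS01"), (4624, "bob", "WS02"),
    (4769, "bob", "FS01"), (4624, "carol", "WS03"), (4776, "svc_backup", "WS01"),
    (4776, "svc_backup", "WS02"), (4624, "svc_backup", "WS03"),
    (4624, "svc_backup", "FS01"), (4672, "svc_backup", "DC01"),
    (4625, "svc_backup", "DC01"),
    (7036, "alice", "WS01"),  # ID not in the page's list; must be ignored
]

def build_graph(events):
    """Undirected account<->host graph; edge weight = number of events."""
    graph = defaultdict(lambda: defaultdict(float))
    for event_id, account, host in events:
        if event_id not in LOGON_EVENT_IDS:
            continue
        a, h = ("acct", account), ("host", host)
        graph[a][h] += 1.0
        graph[h][a] += 1.0
    return graph

def pagerank(graph, damping=0.85, tol=1e-10, max_iter=200):
    """Weighted PageRank by power iteration (every node here has an edge)."""
    nodes = list(graph)
    rank = {n: 1.0 / len(nodes) for n in nodes}
    out_weight = {n: sum(graph[n].values()) for n in nodes}
    for _ in range(max_iter):
        new = {n: (1.0 - damping) / len(nodes) for n in nodes}
        for n in nodes:
            for m, w in graph[n].items():
                new[m] += damping * rank[n] * w / out_weight[n]
        delta = sum(abs(new[n] - rank[n]) for n in nodes)
        rank = new
        if delta < tol:
            break
    return rank

def rank_accounts(events):
    """Accounts sorted by descending PageRank score."""
    scores = pagerank(build_graph(events))
    accts = [(name, s) for (kind, name), s in scores.items() if kind == "acct"]
    return sorted(accts, key=lambda x: -x[1])

if __name__ == "__main__":
    print(*rank_accounts(SAMPLE_EVENTS), sep="\n")
```

An account that authenticates to many hosts, here the constructed `svc_backup`, rises to the top of the ranking and is the first candidate for review.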

Learn more about the tool here.
