RDP Event Log Forensics

As a continuation of the “Introduction to Windows Forensics” series, this episode takes a comprehensive look at the Windows event IDs and associated logs that will be of interest when investigating RDP-related activity. This content is based upon research by Jonathon Poling, and below you’ll find a link to his original article as well as a series of accompanying flowcharts Richard Davis designed to provide a quick reference for six (6) scenarios, including:

• A successful RDP logon
• An RDP logon attempt that was unsuccessful
• An RDP session disconnect via someone closing the window without clicking Start, Disconnect
• An RDP session disconnect via someone clicking Start, Disconnect
• An RDP session reconnect
• An RDP session logoff

Windows RDP-Related Event Logs: Identification, Tracking, and Investigation: https://ponderthebits.com/2018/02/win…

RDP Flowchart: https://www.13cubed.com/downloads/rdp…
