Windows Forensic Handbook

Security Identifier

Background Activity Montitor System Resource Usage Monitor (SRUM)Recycle Bin $I/$R Files EventID 4688: A new process has been created EventID 4624: An account was successfully logged on Event ID 7045: Service Installed EventID 1024: RDP ClientActiveX is trying to connect to the server EventID 2004: Firewall Rule Added EventID 2005: Firewall Rule Modified EventID 2006: Firewall Rule Deleted EventID 2071: Firewall Rule Added EventID 2073: Firewall Rule Modified EventID 2052: Firewall Rule Deleted EventID 9707: Command Execution Started

Last updated 1 year ago