Windows Forensic Handbook

Ctrlk

Evidence of Network Activity

Tracing Registry Keys EventID 1024: RDP ClientActiveX is trying to connect to the server EventID 21: Session logon succeeded EventID 24: Session has been disconnected EventID 1149: User Authentication Succeeded

Last updated 2 years ago