Windows Forensic Handbook

CtrlK

👋Welcome
Artifacts by Type
Artifacts by Activity

Powered by GitBook

On this page

Artifacts by Activity
🌎Network Activity

Evidence of Network Activity

Tracing Registry Keys EventID 1024: RDP ClientActiveX is trying to connect to the server EventID 21: Session logon succeeded EventID 24: Session has been disconnected EventID 1149: User Authentication Succeeded

Last updated 1 year ago