πŸ”
Windows Forensic Handbook
CtrlK
  • πŸ‘‹Welcome
  • Artifacts by Type
    • πŸ—„οΈRegistry Artifacts
    • πŸ“‚Filesystem Artifacts
    • πŸ“…Event Log Artifacts
  • Artifacts by Activity
    • πŸƒβ€β™‚οΈExecution
    • πŸ—’οΈFile Activity
    • πŸ‘¨β€πŸ”§Account Activity
    • 🌎Network Activity
      • Evidence of Network Activity
      • Destination Identification
      • Source Identification
        • Task Scheduler Files
        • Task Scheduler Operational Log
        • EventID 4624: An account was successfully logged on
        • EventID 21: Session logon succeeded
        • EventID 24: Session has been disconnected
        • EventID 1149: User Authentication Succeeded
      • Transmit Volume
      • Firewall Activity
      • Wireless Activity
    • πŸ”Browser Activity
    • πŸ–₯️System Enumeration
Powered by GitBook
On this page
  1. Artifacts by Activity
  2. 🌎Network Activity

Source Identification

Task Scheduler FilesTask Scheduler Operational LogEventID 4624: An account was successfully logged onEventID 21: Session logon succeededEventID 24: Session has been disconnectedEventID 1149: User Authentication Succeeded

Last updated 1 year ago