π
Windows Forensic Handbook
Ctrl
k
Copy
Artifacts by Type
π
Event Log Artifacts
Security
EventID 4688: A new process has been created
EventID 4624: An account was successfully logged on
Last updated
2 years ago