Appendix

A significant number of Windows Event Log types are available to IT and security professionals. This appendix lists the most critical events that pertain to security and incident investigations and is provided as a reference.

| Event ID | Event type | Primary use | Event log |
|---|---|---|---|
| 21 | Remote desktop services: session logon succeeded. | Event correlation, lateral movement, scoping | TerminalServices-LocalSessionManager/Operational |
| 25 | Remote desktop services: session reconnection succeeded. | Event correlation, lateral movement, scoping | TerminalServices-LocalSessionManager/Operational |
| 102 | This event is logged when the terminal services gateway service requires a valid Secure Sockets Layer (SSL) | | |
