O'Reilly logo

Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 13

Logon and Account Logon Events

In a Windows network investigation, often the most important piece of information to gain from an event log is a record of which user accounts were used to log into a particular system and how this access was achieved. Learning which accounts were utilized and where connections were initiated and terminated is vital to tracking activity across a network. Depending on your operating system, these events are recorded in the Security log as either logon events (Server 2008) or logon and/or account logon events (Server 2003).

In this chapter you will learn to

  • Explain the difference between logon events and account logon events
  • Locate and understand logon and account logon events within a domain environment ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required