Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Chapter 14

Other Audit Events

In Chapter 13, “Logon and Account Logon Events,” we examined the way in which Windows logs the activities associated with account authentication and access to system resources. This chapter will look at various audit events that might be of investigative interest to you. Windows records a wide assortment of activities throughout the network, and by pulling all of these events together, you will be able to paint a fairly complete picture. We’ll do this in an order that represents how a system compromise might actually take place. The sequence will reach an end when our attacker is able to access a repository of company secrets.

In this chapter, you will learn to

  • Detect changes to groups, accounts, and policies in ...
