Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Interpreting File and Other Object Access Events

At this point in the compromise, our attacker has created a new user account and placed that user in the Domain Admins group. She is now ready to attempt to find and gain access to the secret documents stored on our file server. The next place for us to look for the trail left by this attempt is the object access audit category of events.

The object access audit category (as discussed in Chapter 12) allows administrators to configure the Security event logs to record access (either successful or failed) to various objects on the system. An object is just about anything the operating system is aware of, but for auditing purposes, this category generally focuses on objects such ...
