Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

The Bottom Line

Detect changes to groups, accounts, and policies in a Windows event log. Attackers will frequently modify user accounts, the groups to which they belong, and the policies that impact what they can do on a system. These changes can not only provide valuable information about the current incident but also indicate what other systems may have been compromised if an attacker gains control of an account with wide-ranging access.
Master It: You are called to the scene of an intrusion where the administrator believes that an attacker may have created an account on a system. What Event IDs might you search for to help locate such activity?
Understand Windows file and other object access logging. In Windows systems, you can audit access ...
