Chapter 13

Logon and Account Logon Events

In a Windows network investigation, often the most important piece of information to gain from an event log is a record of which user accounts were used to log into a particular system and how this access was achieved. Learning which accounts were utilized and where connections were initiated and terminated is vital to tracking activity across a network. Depending on your operating system, these events are recorded in the Security log as either logon events (Server 2008) or logon and/or account logon events (Server 2003).

In this chapter you will learn to

  • Explain the difference between logon events and account logon events
  • Locate and understand logon and account logon events within a domain environment ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
