Chapter 13: Logon and Account Logon Events
Explain the difference between logon events and account logon events. A logon event records access to a computer’s resource. An account logon event records an authentication event. Logon events are in the 4600 series (Server 2008) or 500 series (Server 2003), and account logon events are in the 4700 series (Server 2008) or 600 series (Server 2003). Logon events are stored on the computer whose resource was accessed, and account logon events are stored on the computer that performed the authorized authentication of the account.
Master It List the common account logon and logon events that you should memorize to enhance the efficiency of your log analysis.
Solution Logon events:
| Server 2003, Windows ... |
Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
