Posted: Thu Oct 23, 2014 4:44 am Post subject: Remote connections during Live Analysis
I'm using two textbooks (Real Digital Forensics and Windows Forensics by Harlan Carvey). They both mention that when performing live analysis, the following tools can be used to get remote connections and currently opened files.
Users Logged On:
a. PsLoggedOn - users logged on locally and via resource shares (currently).
b. net sessions - remote users, IP address, client; logonsessions - all active logon sessions
c. NetUsers: tool that shows all local users that are currently logged in and that logged into the computer in the past.
a. net files
However, when I test it with Chrome Remote Desktop, I don't see the user logged on nor do I see the files opened remotely. Any idea how remote connections with Chrome can be seen during Live Analysis?
Also, the documentation of PsFiles says that it shows files opened remotely and locally, but when I test it with open files, it doesn't show files that are opened locally. Any insight?