Active Directory Activity Analysis

nightworker
(@nightworker)
Posts: 134
Estimable Member
Topic starter
 

Dear colleagues,

I have a case of insider fraud involving corporate technical files.

I have an image of the Active Directory server and images of the suspect staff.

Which artifacts can I find on the Active Directory server? Is there any evidence of data leakage in log files or something like that?

 
Posted : 21/02/2019 12:11 pm
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.

regards,
Robin

 
Posted : 21/02/2019 6:05 pm
nightworker
(@nightworker)
Posts: 134
Estimable Member
Topic starter
 

> The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.
>
> regards,
> Robin

Thanks for your reply, Robin. If we cannot track activities, why do companies use this useless Active Directory? We should speak to Microsoft.

 
Posted : 22/02/2019 8:51 am
Thomas
(@thomas)
Posts: 59
Trusted Member
 

It also depends on how the auditing is set. On the other hand, it depends on what you are looking for. For a complete picture you indeed need the log files of the local workstations, if available…

https://blog.stealthbits.com/best-practices-for-auditing-active-directory

 
Posted : 23/02/2019 6:53 pm
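
An added example, not part of any post in this thread: the replies above say the domain controller's Security log shows when a user logged in, provided auditing was enabled. This sketch builds a logon timeline for one account from an XML export of that log and lists the source hosts, which are the devices to image next. The account, hosts, addresses and the `<Events>` wrapper element are constructed for illustration.

```python
"""Per-account logon timeline from a domain controller Security log export (XML)."""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Present on the DC only if the matching audit policy was enabled at the time.
EVENTS = {"4624": "logon", "4768": "kerberos-tgt", "4776": "ntlm-validation"}
E = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'

# Constructed sample records (hypothetical account, hosts and addresses).
SAMPLE = f"""<Events>
{E}<System><EventID>4768</EventID><TimeCreated SystemTime="2019-02-18T07:58:03Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data><Data Name="IpAddress">::ffff:10.0.5.23</Data></EventData></Event>
{E}<System><EventID>4624</EventID><TimeCreated SystemTime="2019-02-18T07:58:04Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data><Data Name="LogonType">3</Data>
<Data Name="WorkstationName">WS-ENG-07</Data><Data Name="IpAddress">10.0.5.23</Data></EventData></Event>
{E}<System><EventID>4624</EventID><TimeCreated SystemTime="2019-02-18T08:10:00Z"/></System>
<EventData><Data Name="TargetUserName">asmith</Data><Data Name="IpAddress">10.0.5.40</Data></EventData></Event>
{E}<System><EventID>4776</EventID><TimeCreated SystemTime="2019-02-18T22:41:17Z"/></System>
<EventData><Data Name="TargetUserName">JDOE</Data><Data Name="Workstation">LAPTOP-X1</Data></EventData></Event>
{E}<System><EventID>4634</EventID><TimeCreated SystemTime="2019-02-18T23:02:00Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data></EventData></Event>
</Events>"""

def timeline(xml_text, account):
    """Return sorted (time, kind, source_ip, source_host) rows for one account."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", namespaces=NS)
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        if eid not in EVENTS or data.get("TargetUserName", "").lower() != account.lower():
            continue  # not an authentication event, or a different account
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        ip = data.get("IpAddress", "").replace("::ffff:", "")  # IPv4-mapped form in 4768
        host = data.get("WorkstationName") or data.get("Workstation") or "-"
        rows.append((when, EVENTS[eid], ip or "-", host))
    return sorted(rows)

def source_devices(rows):
    """Distinct source addresses and host names: the machines to acquire and examine."""
    return sorted({x for _, _, ip, host in rows for x in (ip, host) if x != "-"})

if __name__ == "__main__":
    found = timeline(SAMPLE, "jdoe")
    for row in found:
        print(*row, sep="  ")
    print("devices:", source_devices(found))
```

An empty result for an account can mean either no activity or that auditing was not enabled for those events, so check the audit policy before drawing conclusions.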
Northwind
(@northwind)
Posts: 33
Eminent Member
 

Active Directory is a database. It includes information such as printers, users and clients. File path: %systemroot%\NTDS

 
Posted : 24/02/2019 10:40 am