Active Directory Activity Analysis

 
  

nightworker
Senior Member
 

Active Directory Activity Analysis

Post Posted: Feb 21, 19 13:11

Dear colleagues,

I have a case of insider fraud involving corporate technical files.

I have an image of the Active Directory server and the suspect staff images.

On the Active Directory server, which artifact can I find it in? Is there any data leakage evidence in log files or something like that?
 
  

Bunnysniper
Senior Member
 

Re: Active Directory Activity Analysis

Post Posted: Feb 21, 19 19:05

The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.

regards,
Robin
_________________
--
All opinions are mine and are not necessarily the opinions of my employer. 
 
  

nightworker
Senior Member
 

Re: Active Directory Activity Analysis

Post Posted: Feb 22, 19 09:51

- Bunnysniper
The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.

regards,
Robin


Thanks for your reply, Robin. If we cannot track activities, why do companies use this useless Active Directory? We should speak to Microsoft.
 
  

Thomas
Member
 

Re: Active Directory Activity Analysis

Post Posted: Feb 23, 19 19:53

It also depends on how the auditing is set. On the other hand it depends on what you are looking for. For a complete picture you indeed need the logfiles of the local workstations if available....

blog.stealthbits.com/b...-directory
_________________
ICT Security Manager, CHFI, CEH, ECSA, Netherlands 
 
  

north
Member
 

Re: Active Directory Activity Analysis

Post Posted: Feb 24, 19 11:40

Active Directory is a database. It includes information such as printers, users and clients. File path: %systemroot%\NTDS
 
