Dear colleagues,
I have a case of insider fraud involving corporate technical files.
I have an image of the Active Directory server and the suspect staff's images.
Which artifacts can I find on the Active Directory server? Is there any data leakage evidence in log files or something like that?
The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.
regards,
Robin
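As an added example (not part of any poster's reply), this is one way to pull a single account's logon timeline out of the Security log exported from the domain controller image. The file path and account name are placeholders, and the events exist only if logon auditing was enabled on the server.

```powershell
# Added example: summarise one account's logons from a Security log
# exported from the domain controller image.
$EvtxPath = 'C:\Cases\DC01\Security.evtx'   # assumption: placeholder path to the exported log
$Account  = 'jdoe'                           # assumption: placeholder account name

# 4624 = successful logon, 4768 = Kerberos TGT requested,
# 4769 = Kerberos service ticket requested
$filter = @{ Path = $EvtxPath; Id = 4624, 4768, 4769 }

Get-WinEvent -FilterHashtable $filter -ErrorAction Stop | ForEach-Object {
    # Flatten the EventData name/value pairs into a hashtable
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # 4769 records the account as user@REALM, so compare only the part before '@'
    $user = ($data['TargetUserName'] -split '@')[0]
    if ($user -ieq $Account) {
        [pscustomobject]@{
            TimeUtc   = $_.TimeCreated.ToUniversalTime()
            EventId   = $_.Id
            User      = $data['TargetUserName']
            SourceIp  = $data['IpAddress']      # where the request came from
            LogonType = $data['LogonType']      # present in 4624 only
            Service   = $data['ServiceName']    # present in 4768/4769
        }
    }
} | Sort-Object TimeUtc | Format-Table -AutoSize
```

The source addresses in the output show which workstations the account authenticated from, which helps decide which suspect images to examine first.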
Thanks for your reply, Robin. If we cannot track activities, why do companies use this useless Active Directory? We should speak to Microsoft.
It also depends on how the auditing is set. On the other hand it depends on what you are looking for. For a complete picture you indeed need the logfiles of the local workstations if available….
https://
Active Directory is a database. It includes information such as printers, users, and clients. File path: %systemroot%\NTDS