I need to prove someone attempted to access a shared drive via Windows Explorer. Please note that the share IP address is non-existent so it would never be successful. So far I have checked the TypedURLs reg key, the RunMRU reg key, the IE history, and Windows event logs. I have found nothing and am wondering where the evidence is on a Windows 7 Enterprise system for failed shared drive attempts. Thanks in advance for any help.
Shellbags?
jaclaz
Do you know why the attempt failed?
I know of no artifact - if the connection attempt would always fail.
To be certain I would do a test and snapshot your system.
Depending on your logging, you may find activity in your event logs.
This is interesting…I'm curious as to what level of logging would need to be in place, and then what evidence would there be of the attempt?
Thanks.
Hi Folks,
Just a thought: event log, or maybe if there is some kind of monitoring for the network log.
If it's only one attempt then it won't be flagged by the SIEM, but if there are continuous requests for something which is not present, it must get flagged.