Active Directory Activity Analysis

nightworker
(@nightworker)
Active Member

Dear colleagues,

I have a case of insider fraud involving corporate technical files.

I have an image of the Active Directory server and the suspect staff's images.

From the Active Directory server, which artifacts can I find? Is there any evidence of data leakage in log files or something like that?

Posted : 21/02/2019 12:11 pm
Bunnysniper
(@bunnysniper)
Active Member

The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.

regards,
Robin

Posted : 21/02/2019 6:05 pm
nightworker
(@nightworker)
Active Member

> The only thing you can find there is the security log to see when the user logged in. That's it. You need the device that was used by the suspect for your analysis.
>
> regards,
> Robin

Thanks for your reply, Robin. If we cannot track activities, why do companies use this useless Active Directory? We should speak to Microsoft.

Posted : 22/02/2019 8:51 am
Thomas
(@thomas)
Junior Member

It also depends on how the auditing is set. On the other hand, it depends on what you are looking for. For a complete picture you indeed need the log files of the local workstations, if available…

https://blog.stealthbits.com/best-practices-for-auditing-active-directory

Posted : 23/02/2019 6:53 pm
north
(@north)
Junior Member

Active Directory is a database. It includes information such as printers, users and clients. File path: %systemroot%\NTDS

Posted : 24/02/2019 10:40 am