[DFSci] (no subject)
H. Carvey
keydet89 at yahoo.com
Thu Aug 1 16:59:28 PDT 2019
Maybe look for a 4624 event from the same source...?
------------------------------------------
Harlan Carvey
"Windows Forensic Analysis"
http://windowsir.blogspot.com
------------------------------------------
On Thursday, August 1, 2019, 07:39:32 PM EDT, Mcleod S <fe0742 at gmail.com> wrote:
Hello,
We have a windows machine that we’ve identified multiple event IDs 4625.
It appears to be a brute force attack. Can anyone please recommend any
documentation or resource that would show which artifacts should be
examined next to determine if the attack was successful and if any changes
were made to the machine. I know this is a broad question but we’re really
just looking for a “next steps to take” sort of guide.
Thanks
_______________________________________________
DFSci mailing list
DFSci at lists.dfrws.org
Manage your subscription at:
http://lists.dfrws.org/listinfo.cgi/dfsci-dfrws.org
More information about the DFSci
mailing list