Techno Security 2023
June 05 – 08, 2023
Wilmington, North Carolina
Dr. Brian Carrier will speak about User Login Forensics – Merging Artifacts To Find Anomalous Activity.
Tuesday, June 06, 2023
10:30 AM – 11:20 AM
Salon C • Forensics
User login activity is critical in intrusion investigations because user accounts are often compromised and used for lateral movement. On any given host, you are looking at who came into the host and who left it. Unfortunately, logons are extremely complicated, and you’ll need to review several event logs, event types, and registry keys to get the full picture.
This session will cover the logical steps of logons and then dive into the events that occur at each step. We’ll then be able to use patterns of login activity to identify anomalous hosts and user accounts.