Techno Security 2023

June 05-08, 2023

Wilmington, North Carolina

Dr. Brian Carrier will speak about User Login Forensics – Merging Artifacts To Find Anomalous Activity.

Tuesday, June 06, 2023
10:30 AM – 11:20 AM
Salon C • Forensics

User login activity is critical in intrusion investigations because user accounts are often compromised and used for lateral movement. On any given host, you are looking at who came into the host and who left it. Unfortunately, logons are extremely complicated, and you’ll need to review several event logs, event types, and registry keys to get the full picture.

This session will cover the logical steps of logons and then dive into the events that occur at each step. We’ll then be able to recognize patterns of login activity and use them to identify anomalous hosts and user accounts.