List of “LogonTracer”

  • Investigate Unauthorised Logon Attempts using LogonTracer Forensic
    Investigate Unauthorised Logon Attempts using LogonTracer
    In the recent article, we introduced the concept and the use of "LogonTracer", a tool to support Windows event log analysis. This article presents how unauthorised logon attempts can be identified using this tool. Please refer to the Wiki for LogonTracer installation. Points for Investigation LogonTracer serves as a tool to support the log analysis rather than to detect unauthorised logon itself. For an effective investigation using this tool, we...

    Read more

  • Visualise Event Logs to Identify Compromised Accounts - LogonTracer - Forensic
    Visualise Event Logs to Identify Compromised Accounts - LogonTracer -
    Hello again, this is Shusei Tomonaga from the Analysis Center. Event log analysis is a key element in security incident investigation. If a network is managed by Active Directory (hereafter, AD), can be identified by analysing AD event logs. For such investigation, it is quite difficult to conduct detailed analysis in AD event viewer; it is rather common to export the logs to text format or import them into SIEM/log...

    Read more