Tuesday, November 29, 2011

Domain Logon Event Log

If you work in a global company environment with multiple domain controllers (authentication servers) at locations around the world, make sure the time zone setting on every DC is set correctly for its location. In digital forensics, date and time are critical.

In addition, if you have a central log management server, make sure it can translate the captured time zone to GMT when events are logged on the server. This will make your life easier. Otherwise, you will need to translate the times manually when you want to trace when the actual incident happened.
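The GMT translation described above, as an added example that is not part of the original post: it normalizes logon records from several DCs to UTC and shows how the event order changes compared with sorting on local wall-clock time. The DC names, user, workstations, timestamps and the fallback offset table are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: logon events for one account, as collected from four DCs.
# Fields: (DC name, timestamp as logged, user, workstation).
RAW_EVENTS = [
    ("DC-KL01",  "2011-11-29T09:15:00+08:00", "jdoe", "WKS-KL-17"),
    ("DC-NY01",  "2011-11-28T20:40:00-05:00", "jdoe", "WKS-NY-03"),
    ("DC-LON01", "2011-11-29T01:05:00+00:00", "jdoe", "WKS-LON-22"),
    ("DC-TYO01", "2011-11-29T10:20:00",       "jdoe", "WKS-TYO-08"),  # no offset logged
]

# Assumed fallback table (hours from UTC) for DCs that log naive local time.
DC_UTC_OFFSET_HOURS = {"DC-TYO01": 9}

def to_utc(dc, stamp):
    """Return (utc_datetime, offset_assumed) for one logged timestamp."""
    ts = datetime.fromisoformat(stamp)
    if ts.tzinfo is not None:
        return ts.astimezone(timezone.utc), False
    # Naive timestamp: only convert if the DC's offset is documented.
    if dc not in DC_UTC_OFFSET_HOURS:
        raise ValueError(f"{dc}: timestamp has no offset and none is configured")
    local = ts.replace(tzinfo=timezone(timedelta(hours=DC_UTC_OFFSET_HOURS[dc])))
    return local.astimezone(timezone.utc), True

def build_timeline(events):
    """Normalize every event to UTC and return the rows in true time order."""
    rows = []
    for dc, stamp, user, host in events:
        utc, assumed = to_utc(dc, stamp)
        rows.append({"utc": utc, "dc": dc, "user": user, "host": host,
                     "logged": stamp, "offset_assumed": assumed})
    return sorted(rows, key=lambda r: r["utc"])

def wall_clock_order(events):
    """DC order obtained by sorting on the local wall-clock time only."""
    return [e[0] for e in sorted(events, key=lambda e: e[1][:19])]

if __name__ == "__main__":
    print("Sorted by local time:", " -> ".join(wall_clock_order(RAW_EVENTS)))
    for r in build_timeline(RAW_EVENTS):
        flag = " (offset assumed)" if r["offset_assumed"] else ""
        print(f'{r["utc"]:%Y-%m-%d %H:%M} UTC  {r["dc"]:9} {r["user"]} '
              f'from {r["host"]}{flag}')
```

Rows flagged as "offset assumed" depend on the DC's time zone setting being correct, so they are the ones to verify first.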

The domain logon event log is the best place to trace where the subject has gone, and it is your starting point for a forensic investigation.

