JosephKing 3 Posted April 29, 2022 Posted April 29, 2022 Windows Event Logs can be set up for Advanced Auditing. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings Start>Local Security Policy>Advanced Audit Policy Configuration. Enable anything you find interesting like Logon/Logoff, Process Creation/Termination, Credential Validation, Sensitive Privilege Use, RPC events, etc. Check out software like Event Log Explorer or NirSoft FullEventLogView.
Recommended Posts