Windows User Account Forensics — TryHackMe Walkthrough

MAGESH
13 min read · Apr 15, 2024

Learn where to search for artefacts associated with users and accounts.

This room is accessible only to subscribers, so if you wish to subscribe, you can use this link and get $5 in credits 💰💵 when you become a member: https://tryhackme.com/signup?referrer=633819acb90069005f4fd623

Link to the room: https://tryhackme.com/r/room/windowsuseraccountforensics

Task 1: Introduction

User accounts play a crucial role in cyber security. They are access points to sensitive systems and data, making them a focus of most cyber attacks. To help us with our investigations, we need to better understand user accounts and the forensic artefacts they leave behind.

This room delves into Windows forensics, focusing on user account activity and system interactions. We will be examining logs, network traffic, and GPO policies. All of these create system artefacts unique to Windows that can give us a better understanding of how an attack happened.

Task 2: Windows Account Types

Local User Accounts

Local user accounts are unique to a specific computer, offering access to its resources and applications. They’re managed directly on the computer, allowing users…
