Fight Crime. Unravel Incidents One Byte at a Time - SANS Digital Forensics & Incident Response

Overview

Below is an outline of Fight Crime. Unravel Incidents One Byte at a Time - SANS Digital Forensics & Incident Response.


Outline

Introduction
Outline
Problem Addressed
Windows Authentication Overview
Security Subsystem Architecture
Microsoft Security Support Provider Interface (SSPI)
Security Support Providers (SSP)
Windows Security Terms
Logon Process Scenarios
Interactive Logon
Network Logon
Batch
Service
Unlock
NetworkCleartext
NewCredentials
CachedInteractive
Accessing Resources
Kerberos Authentication and Resource Access
NTLM Authentication and Resource Access
Logon Auditing and Logon Events
Logon Auditing
Account Logon Events
Logon Events
Logon Analysis
Decoding Logon Types and Logon Codes
Where and What to Look
Tracking a User
Querying events
Conclusion
References
Appendix A: Logging on in Domain Environment
Kerberos Logon Handshake
Account Logon Events on DC
Logon/Logoff Events on DC
Logon/Logoff Events on Workstation
Appendix B: Logging on using Local Account and Mapping to different server

 

-----

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA. 
