Analysing Active Directory event logs to identify compromised accounts


During investigation in a security incident, event log analysis is a key element. If the affected network is managed by Active Directory, identify compromised accounts is a critical step. For such investigation, because is quite difficult to conduct detailed analysis in AD event viewer, it is rather common to export the logs to text format…

Article Link: