You need to be able to track end user actions on your network to:
- Support forensic investigations
- Trace hackers that have compromised a user’s account
- Support accountability and acceptable use policies
- Track down the “inexplicable”
- Prove user responsibility for disappearing files
- Track the steps of users impersonating another user
In this very technical webinar, I will show you how to follow a user’s footsteps throughout the network, beginning with logon and tracking the programs the run, the servers they access and the objects they access.
This is a particularly intriguing discussion because you have to understand how to correlate events between domain controllers, workstations and member servers. I’ll show you how to pick up this train of activity anywhere along the way and trace back in either direction.
We will cover events from Windows audit categories:
- Account Logon
- Logon/Logoff
- Process Tracking
- File Share
- File System
I will take you beyond the Windows Security Log and briefly discuss the capabilities that exist today in SharePoint, Exchange and SQL Server to continue tracking the user’s footsteps at the application level.
This is technical, real training for free™; please register now!