KStrike

DFIR Tools

License Type: Free
Incident Response
Logs
Stand-alone parser for User Access Logging from Server 2012 and newer systems

This script parses data from the User Access Logging files on Windows Server 2012 and newer systems, found under the path "\Windows\System32\Logfiles\SUM". For more details, please visit the KPMG blog post at https://advisory.kpmg.us/blog/2021/digital-forensics-incident-response.html. For documentation on these files, please visit the official documentation page at https://docs.microsoft.com/en-us/windows-server/administration/user-access-logging/manage-user-access-logging
