Update Identification.md
TonyPhipps committed Nov 29, 2023
1 parent 868b402 commit 914b5b6
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion Identification.md
Expand Up @@ -2,4 +2,13 @@
- What is the size of the event log file? Is it at least as large as policy requires?
- What is the oldest event recorded? Is it at least as old as policy requires?
- Which Event IDs can be filtered out, having no value to the investigation?
- Are there any Security Event ID 1102 events present (log cleared)?

#### Security
- Review any Security Event ID 1102 events present (log cleared).

#### System
- Note any Event ID 1074 (Power off intiated)
- Note any Event ID 27 (Network link is disconnected)
- Note any Event ID 33 (Network link has been established)
- Note any Event ID 13 (The operating system is shutting down at system time xxxx)
- Note any Event ID 12 (The operating system started at system time xxxx)
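
Review bot: The new System bullets identify events by numeric ID alone, and the 1074 line has a typo ("intiated" should be "initiated"). Event IDs are only unique per provider, so low IDs such as 12, 13, 27 and 33 can match unrelated events from other sources in the System log; suggest naming the event source in each bullet so an analyst can filter on source and ID together. The added bullets also switch from the question form used by the existing checklist items to imperatives and omit the trailing period that the 1102 line carries, so consider making the punctuation and phrasing consistent across the list.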
