More FTK Filters

In my last post, I mentioned two useful FTK filters for quickly finding files of interest. Below are two more that may be helpful to a digital investigator examining a Microsoft Windows Server 2008 R2 server (may work on others, but I have not tried)

Remote Desktop Logs (there are other log files, but I found this filter to be very useful):

Windows Firewall logs:
Print Friendly, PDF & Email

Leave a Reply