Windows Security Logging and Other Esoterica

thoughts from the Windows auditing team

Browse by Tags

Tagged Content List
  • Blog Post: Tracking User Logon Activity Using Logon Events

    I get the question fairly often, how to use the logon events in the audit log to track how long a user was using their computer and when they logged off. As I have written about previously, this method of user activity tracking is unreliable . It works in trivial cases (e.g. single machine where the...
  • Blog Post: If you're gonna herd bots, do it from New Zealand!

    A judge in New Zealand declined to convict the admitted (guilty plea) botherder of a million-bot botnet, citing the negative consequences a conviction would have on the young man's future prospects. See the story here . Well duh. The whole theory of crime and punishment is that if you do something...
  • Blog Post: German court bans retention of logged IP addresses

    A German court has ruled that a government web site may not retain IP addresses and other personally identifiable information (PII) in their logs for any longer than the user is actually using the site. The judges pointed out that in many cases it was simple to map an IP address to an identity with...
  • Blog Post: Voting Machine Logs + e-Government Laws = No Secrets When Voting

    Researchers in the state of Ohio in the United States have discovered that by analyzing the logs produced (by law) from e-voting machines used in certain counties, they can determine the vote(s) each voter made . Further, the logs, by law, must be produced on demand, as part of our open elections process...
Page 1 of 1 (4 items)