The Forensics Artifacts on Remote Desktop Protocol and Service:

Talha Ashfaq; Muhammad Shairoze Malik

doi:10.54692/ijeci.2022.0603137

Talha Ashfaq School of Electrical engineering and computer Sciences, National University of Science and Technology, Islamabad
Muhammad Shairoze Malik School of Electrical engineering and computer Sciences, National University of Science and Technology, Islamabad

DOI: https://doi.org/10.54692/ijeci.2022.0603137

Keywords: RDP, artifacts, Log analysis, bitmaps, Registry artifacts

Abstract

Remote Desktop Protocol provides users with a graphical user interface to access the system remotely and its implementation is called “remote desktop services”. This is widely used by network administrators and remote workers. Due to vulnerabilities and weak configurations, the protocol is hugely abused by threat actors and hackers to perform malicious acts such as data infiltration, deploying backdoors, malware, and lateral movements. In this article, there will be a discussion on the importance of RDP in digital forensics, understanding RDP-based artifacts and there use in forensics investigations where RDP was suspected to be involved.

The Forensics Artifacts on Remote Desktop Protocol and Service

Talha Ashfaq, Muhammad Shairoze Malik

Abstract

Most read articles by the same author(s)