The Forensics Artifacts on Remote Desktop Protocol and Service
Talha Ashfaq, Muhammad Shairoze Malik
Keywords:
RDP, artifacts, Log analysis, bitmaps, Registry artifacts
Abstract
Remote Desktop Protocol (RDP) provides users with a graphical user interface to access a system remotely; its implementation is called “Remote Desktop Services”. It is widely used by network administrators and remote workers. Due to vulnerabilities and weak configurations, the protocol is heavily abused by threat actors and hackers to perform malicious acts such as data infiltration, deploying backdoors and malware, and lateral movement. This article discusses the importance of RDP in digital forensics, RDP-based artifacts, and their use in forensic investigations where RDP is suspected to have been involved.
Published
2022-09-13
Section
Articles