Forensics Artifacts on Remote Desktop Protocol and Service.
Keywords:
RDP, artifacts, Log analysis, bitmaps, Registry artifacts
Abstract
Remote Desktop Protocol provides users with a graphical user interface to access a system remotely, and its implementation is called “remote desktop services”. It is widely used by network administrators and remote workers. Due to vulnerabilities and weak configurations, the protocol is heavily abused by threat actors and hackers to perform malicious acts such as data infiltration, deploying backdoors and malware, and lateral movement. This article discusses the importance of RDP in digital forensics, the artifacts that RDP leaves behind, and their use in forensic investigations where RDP is suspected to be involved.