The Microsoft Remote Desktop Connection (RDC) allows a user to connect and gain access to other Windows systems over a network. It is a built-in application that implements Remote Desktop Protocol (RDP) through Terminal service or Remote Desktop Service to access and control all apps, files, and network resources on a remote system.
RDC is commonly used by system administrators to perform administrative tasks such as configuring computers and solving computer and network issues. However, it can also be used by threat actors to perform malicious activities on remote Windows systems. Thus, Remote Desktop Connection MRU artifact can be useful in determining the systems an attacker has accessed.
Information about the systems that are accessed via the Remote Desktop Connection are stored at the following location:
This section discusses how to use ArtiFast Windows to analyze Remote Desktop Connection MRU artifact from Windows machines and what kind of digital forensics insight we can gain from the artifact. After you have created your case and added evidence for the investigation, at the Artifacts Selection phase, you can select Remote Desktop Connection MRU artifact:
Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View”, with indexing, filtering, and searching capabilities. Below is a detailed description of Remote Desktop Connection MRU artifact in ArtiFast Windows.
Remote Desktop Connection MRU Artifact
For more information or suggestions please contact: email@example.com