Find Out What We’ve Got Lined Up for #MVS2021
Our full agenda is available for you to view. Every presentation will also feature a Q&A and Discord activity — so be sure to join us live to get the most out of every session.
MVS21 AGENDA
Discover What You’ll Learn at MVS2021
RESULTS:
May
18
TYPE
Lecture
THEME
Cloud
TIME
16:00 EDT
No logs, no problem: Leveraging User Access Logging on Windows Server systems
Patrick BennettIn this Lecture:
Not to be confused with Office 365’s Unified Audit Log, the User Access Logging (UAL) database is included with Server editions of Microsoft Windows starting with Windows Server 2012. Designed to provide system administrators with insight into service usage on Windows servers, it contains valuable forensic data which remains largely untapped by DFIR professionals. Among other things, the UAL database maintains a record of the types of services accessed on a server; the username associated with the access; and the source IP address from which the access occurred. With default settings, the UAL database retains this information for two years. The database is stored in the Extensible Storage Engine (ESE) format, and can be parsed offline or accessed from a live system via PowerShell cmdlets.
Expand
| Date | Details | Speaker | Session Type | Content Theme | Timezone |
|---|---|---|---|---|---|
|
May 18 |
No logs, no problem: Leveraging User Access Logging on Windows Server systems |
Patrick Bennett |
Lecture |
Cloud |
16:00 EDT |
|
In this Lecture: Not to be confused with Office 365’s Unified Audit Log, the User Access Logging (UAL) database is included with Server editions of Microsoft Windows starting with Windows Server 2012. Designed to provide system administrators with insight into service usage on Windows servers, it contains valuable forensic data which remains largely untapped by DFIR professionals. Among other things, the UAL database maintains a record of the types of services accessed on a server; the username associated with the access; and the source IP address from which the access occurred. With default settings, the UAL database retains this information for two years. The database is stored in the Extensible Storage Engine (ESE) format, and can be parsed offline or accessed from a live system via PowerShell cmdlets.
|
REGISTER NOW |
Note: Once you’ve registered for MVS21, you will be able to manage all your events via your MVS21 event hub.
Don’t Forget to Share!
Let the entire #DFIR community know that you’re making the most of #MVS2021 by sharing your thoughts and photos!
MVS MERCH
Get YOUR SUMMIT ON
We’re offering exclusive merch to help you get in the spirit of MVS! Check out what apparel we have available and remember that all profits go to Child Rescue Coalition.
Use code MVS2021 at checkout for 10% off!
