Andre G.
Published Mar 16, 2022
Windows can log a lot of actions on your computer, but we normal users have to enable that logging first. If you keep very important files, or if you have a business and keep trade secrets on your computer or server, you may want accountability for who accesses grandma's original secret recipe that keeps your bakery flush with returning customers.
This tutorial walks you through the process. Note that this machine runs Windows 8, but the process is very similar on Windows 10.
Enable auditing of the file system.
The next part is to enable auditing of the file (or files) considered secret. There is a video showing the entire process below this outline.
The next video shows how it looks from the thief's side. This example uses a Linux distribution developed primarily for penetration testing. The video starts right before a hacker compromises your Windows machine. The bad guy gets in successfully, logs in to an account that exists on your computer, and can proceed to look around at what you have. Once the malicious actor finds your file, he or she can exfiltrate it.
In this example, the bad guy found a file named plans-TOP-SECRET-ONLY-atomic-diarrhea.pdf and proceeded to download a copy of it.
The second part of the next video shows how enabling file system auditing on Windows makes these actions visible in Event Viewer. The quickest way to find Event Viewer is to search for it in your Windows Search bar.
According to Microsoft, Event 4663 is the event ID logged every time a user or a group accesses an object (a file is an object). These entries provide more details, such as when it happened, which user did it, and other information.
If you have a remote server or machine, Windows can also forward these events or logs. There are scripts available, or you can create one, so that you get a real-time alert while this is happening.
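The same steps can be scripted. The following PowerShell is an added example, not part of the original article: it enables the File System audit subcategory, adds an audit entry to one file, and lists the resulting Event 4663 records. It assumes an elevated prompt on an English-language Windows install, and the path `C:\Secret\recipe.pdf` is a placeholder.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $Path is a placeholder; point it at the file you want to watch.
$Path = 'C:\Secret\recipe.pdf'

# Step 1: turn on the "File System" audit subcategory.
# Assumption: English subcategory name; it is localized on other installs.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Step 2: add an audit entry (SACL) so that reads by anyone are logged.
# S-1-1-0 is the well-known SID for the Everyone group.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rights   = [System.Security.AccessControl.FileSystemRights]::Read
$flags    = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule     = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList $everyone, $rights, $flags

$acl = Get-Acl -Path $Path -Audit      # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Step 3: list Event 4663 records for that file from the last 24 hours.
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-24) }

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Event data is stored as name/value pairs in the event XML.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            File       = $data['ObjectName']
            Process    = $data['ProcessName']
            AccessMask = $data['AccessMask']
        }
    } |
    Where-Object { $_.File -eq $Path } |
    Format-Table -AutoSize
```

Each row shows when the file was touched, which account did it, and which process opened it, the same details Event Viewer shows for each 4663 entry.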