May 7th, 2008, 03:57 AM
Windows Remote Desktop and forensic evidence
Sorry members if the post is repeating. i tried could,nt get the exact thing what i am looking for.
Please help in clarifying the below:
one, i am using remote desktop from my office computer (sitting at home) and remote desktop into my home machine ( i do not have monitor- monetary reason). I use my home machine to try different tools. I am worried whether it would have any affect on my official machine used to remote desktop in this case?
Second, What kind of logs or forensic evidence is by default captured in the machine i am using for remote desktop (office machine)?
Clarifying these two questions would really help me? I would highly appreciate this help.
May 7th, 2008, 05:29 AM
For logging/reporting please look here:
I am sorry, I don't quite understand:
Where exactly is your office computer?
i am using remote desktop from my office computer (sitting at home) and remote desktop into my home machine ( i do not have monitor- monetary reason).
Well, if one of them gets compromised it would be reasonable to expect that so would the other, and thence into the network. Is there any sensitive information on the office machine?
I use my home machine to try different tools. I am worried whether it would have any affect on my official machine used to remote desktop in this case?
I would recommend that you check your employer's authorised usage policy. Some organisations forbid connecting private equipment to corporate assets.
Last edited by nihil; May 7th, 2008 at 05:54 AM.
May 7th, 2008, 09:14 AM
Thank you for replying to this thread immediatly.
what i meant by office computer was - the one provided by my company to be used for all offical reasons. there is senstivie information on my office machine. I do connect this office machine to my corporate network every day at office.
I completly understand that my company might have some policy like against using coportate property for personal use, i will verify that.
out of curosity, supposing if i block all the ports in the OS firewall except for RDP, still do you think it could cause harm?
May 7th, 2008, 11:49 AM
Would I be correct in thinking that all you are wanting to do is take the laptop home, connect it to your home PC and use its display screen?
How exactly are you physically connecting the two machines......... is it over the internet?
I don't really see you doing any "harm" as such, unless you allow one of the machines to be compromised. Remember that if you can gain remote access, there is a potential for bad guys to do the same.
Yes, you could block ports and services that you do not use (that is generally a good idea anyway) and don't forget to set the traffic encryption to "high".
You might also find out what your company policy is regarding taking equipment with sensitive data on it off the premises. I would also suggest that such data should be encrypted, and that a copy of the key/password be kept in a safe place at work.
Having said that, my personal approach would be to go to my local store and pick up a second user monitor for around $20. A 15"~17" CRT device should be adequate until you can afford something better.
May 8th, 2008, 03:00 AM
Thanks Nihil. I got your point.
though i have a couple of laptops given by company for official use, i figured out there is a clear clouse in the company policy that it cannot be used for private reasons. i will abilde by the policy.
I understand that there is considerable amount of risk if one system is compromised. I would use a sperate monitor for the testing system.
Thanks again for guidance.
May 8th, 2008, 08:48 AM
You are welcome
The reason I was concerned for you is that I have worked in both the finance and defence sectors, and have encountered employers who would be extremely unsympathetic.