Results 1 to 6 of 6

Thread: Windows Remote Desktop and forensic evidence

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    3

    Windows Remote Desktop and forensic evidence

    Sorry members if the post is repeating. i tried could,nt get the exact thing what i am looking for.

    Please help in clarifying the below:

    one, i am using remote desktop from my office computer (sitting at home) and remote desktop into my home machine ( i do not have monitor- monetary reason). I use my home machine to try different tools. I am worried whether it would have any affect on my official machine used to remote desktop in this case?

    Second, What kind of logs or forensic evidence is by default captured in the machine i am using for remote desktop (office machine)?

    Clarifying these two questions would really help me? I would highly appreciate this help.

    Anba

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    For logging/reporting please look here:

    http://theillustratednetwork.mvps.or...g.html#Logging

    I am sorry, I don't quite understand:

    i am using remote desktop from my office computer (sitting at home) and remote desktop into my home machine ( i do not have monitor- monetary reason).
    Where exactly is your office computer?

    I use my home machine to try different tools. I am worried whether it would have any affect on my official machine used to remote desktop in this case?
    Well, if one of them gets compromised it would be reasonable to expect that so would the other, and thence into the network. Is there any sensitive information on the office machine?

    I would recommend that you check your employer's authorised usage policy. Some organisations forbid connecting private equipment to corporate assets.
    Last edited by nihil; May 7th, 2008 at 05:54 AM.

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    3
    Thank you for replying to this thread immediatly.

    what i meant by office computer was - the one provided by my company to be used for all offical reasons. there is senstivie information on my office machine. I do connect this office machine to my corporate network every day at office.

    I completly understand that my company might have some policy like against using coportate property for personal use, i will verify that.

    out of curosity, supposing if i block all the ports in the OS firewall except for RDP, still do you think it could cause harm?

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Would I be correct in thinking that all you are wanting to do is take the laptop home, connect it to your home PC and use its display screen?

    How exactly are you physically connecting the two machines......... is it over the internet?

    I don't really see you doing any "harm" as such, unless you allow one of the machines to be compromised. Remember that if you can gain remote access, there is a potential for bad guys to do the same.

    Yes, you could block ports and services that you do not use (that is generally a good idea anyway) and don't forget to set the traffic encryption to "high".

    You might also find out what your company policy is regarding taking equipment with sensitive data on it off the premises. I would also suggest that such data should be encrypted, and that a copy of the key/password be kept in a safe place at work.

    Having said that, my personal approach would be to go to my local store and pick up a second user monitor for around $20. A 15"~17" CRT device should be adequate until you can afford something better.

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    3
    Thanks Nihil. I got your point.
    though i have a couple of laptops given by company for official use, i figured out there is a clear clouse in the company policy that it cannot be used for private reasons. i will abilde by the policy.

    I understand that there is considerable amount of risk if one system is compromised. I would use a sperate monitor for the testing system.

    Thanks again for guidance.
    Anbalagan

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You are welcome

    The reason I was concerned for you is that I have worked in both the finance and defence sectors, and have encountered employers who would be extremely unsympathetic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •