Schedule Task - Paiet/FOR---Operating-System-Forensics GitHub Wiki

Scheduled Task Angry employees

system32 > tasks >

Triggers something used to trigger a task based on login

actions what a scheduled task would do executing a program

task scheduler the logged-in user account will be used you can choose time-of-day and how many times you'd want to run the task
you direct the scheduler to the location of an app or define a path for a script you don't have to specify the windows version Can be done by going to action > creat task

Chtasks sch task Admin cmd > ? = gives help for commands / creat a new tab task and then application my task > folder > put stuff inside

task c windows system 32 > notepad.txt and select start time /run/taskname/

opening schedule task it will be logged but not tasks that have been schedualded logged in event viewer

not everything is enabled in event viewer use Sysmon

each OS will have different Event IDs Check login and logout time to correlate action within those times windows event util then the application then the event, and finally file and where you want it sent

If remote and shared folder it will be 3 7 lock and unlock remote desktop 10 cache 11 email cache domain connection