Lab Journal‐Task Scheduler & Event Viewer - tylerguybern/Tylerguybern GitHub Wiki
Lab Journal Question #1: Explain how someone might use the Task Scheduler maliciously.

Someone, like a hacker, would most likely use the Task Scheduler as their point of entry because it can execute tasks within the system, which also allows them to have complete control over the machine. They can schedule tasks that run their own code on the system while it is on and make that code more difficult to remove.

Journal Question #2: How might the Event Viewer be useful when investigating a security incident?

Source: https://asdfed.com/Computer-Forensics-and-Windows-Event-Logsnd-Windows-Event-Logs#:~:text=A%20computer%20forensics%20examiner%20can,login%20logs%2C%20and%20many%20more.

Computer forensics teams can use the Event Viewer to extract, view, and manage the logs of whoever logs into the Windows system. It is helpful because it lets investigators see who was logged in (username), what times they were logged in (date/time), the source the login came from, and what type of login was used.
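
The logon details listed in the answer to Question #2 (username, date/time, source, and login type) can be pulled out of the Security log with PowerShell. This is an added example, not part of the original lab journal; it assumes the standard Security event 4624 (successful logon), and the function name `ConvertFrom-LogonEventXml` and the sample event are made up for illustration.

```powershell
# Logon type codes recorded in Security event 4624 (successful logon).
$LogonTypeName = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
    7 = 'Unlock'; 8 = 'NetworkCleartext'; 9 = 'NewCredentials'
    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function ConvertFrom-LogonEventXml {
    # Hypothetical helper: turns the XML of one 4624 event into a summary row.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Flatten <Data Name="...">value</Data> into a name -> value table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $type = [int]$data['LogonType']
        [pscustomobject]@{
            TimeUtc    = ([datetime]$evt.System.TimeCreated.SystemTime).ToUniversalTime()
            User       = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType  = if ($LogonTypeName.ContainsKey($type)) { $LogonTypeName[$type] } else { "Type $type" }
            SourceIp   = $data['IpAddress']
            SourceHost = $data['WorkstationName']
        }
    }
}

# Constructed sample event (not from a real system); 192.0.2.15 is a documentation address.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-03-05T14:22:10.000Z"/></System>
  <EventData>
    <Data Name="TargetUserName">student</Data>
    <Data Name="TargetDomainName">LAB-PC01</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="WorkstationName">-</Data>
    <Data Name="IpAddress">192.0.2.15</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-LogonEventXml

# On a live system (elevated prompt), feed real events through the same function:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 50 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml
```

For the sample event, the row shows a RemoteInteractive (Remote Desktop) logon by LAB-PC01\student, which is the kind of detail an investigator would line up against the time of an incident.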