Windows Forensics PSLoggedOn Lab

The tool PSLogged on is a utility that tells you who across the network is logged on. You’ll learn how provides all specific details about who is logged on and when, particularly when looking defensively at any non-admin logons discovered.  You’ll observe that PSLoggedOn is part of the PSTools Suit and easily downloaded. [toggle_content title="Transcript"] Hey, Leo Dregier here. I want to talk about a tool PSLoggedOn. If you have the PS, um, PS tools installed on your system, um, most of the time we just copy those to the System-32 directory. We can just run them from anywhere in the command prompt like I have, uh, demonstrated here. It's just PSLoggedOn, uh, space, backslash, backslash computer name, and this will allow you to reach out across the network, uh, and give you the equivalent of the, you know, net session or the net statistics, kind ofgive you, uh, a little peek into that world, uh, where you can see who's logged on to what computer. So in this case, you can see I'm logged onto myself at 109.215, the time in which I logged on, and of course, the computer and administrator – uh, well, in this case, owner or administrator or username [00:59] image. Um, but you know, one of the things that I would be looking for here is something like admin, or backup operator, or any sort of role-based information, or any sort of tell-tale sign, uh, signs of naming convention and to determine if eyes and ears are basically on that, uh, computer. Now that's why I would use it from an offensive point of view. From a defensive point of view, you may want to see who's peeking and, you know, probing and prodding certain devices. Let's say that you have a server, you know, called Payroll. You know, who's logged onto that, um, you know, maybe an indicator. Maybe it should only be the accounting people, or you know, should the network administrator also have, uh, that access and things like that. Um, so just wanted to share this tool, little insight right here. PSLoggedOn. You can use this if you have, uh, the PS tool suite, which is easily downloadable online if you just search for PS tools. Thank you for watching. My name's Leo Dregier, and be sure to, uh, chat in the dialog boxes and ask questions if you have questions about any of the videos because we're all here to help. [/toggle_content]
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?