Re: Security events with same timestamp



> There are "User Logoff" and "Successful Logon"
> events with the same timestamp in the security log.
> Can some explain this.

There isn't enough information available to explain
anything...

What type of system is the Event Log in question from?
Is it a PDC/BDC?

What other information is available in the event
records? Are all of these records for the same user?
>From the same system? Are they local or network
logins?


------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Re: tool to log file access
    ... >useful than the event log? ... H. Carvey ... "Windows Forensics and Incident Recovery" ...
    (Security-Basics)
  • Mirror resynchs every reboot
    ... System partition resynchs every reboot, no errors in event log, disabled ... write caching... ... Prev by Date: ...
    (microsoft.public.windows.server.sbs)
  • Re: DNS Issues causing 1030 and 1058 errors
    ... I e-mailed you a .zip of the event log and of the DNS packet capture ... I will begin re-trying all the troubleshooting steps previously ... Prev by Date: ...
    (microsoft.public.windows.server.sbs)
  • Userenv
    ... I have an error in my event log that I cannot find much information on. ... The Group Policy client-side extension Scripts was passed flags and ... returned a failure status code of. ... Prev by Date: ...
    (microsoft.public.win2000.general)
  • Re: audit when users logon and logoff
    ... You could always use log on and log off scripts and write a record to ... either the event log or a database. ... Prev by Date: ...
    (microsoft.public.windows.server.sbs)