We have a serious fraud event happened from an internal PC out of office hours (PC was physically in the office at that time). I am suspecting some internal involvement with an employee.
Post fraud the windows event log was deleted along with other logfiles so we dont have a full picture - however the perpetrator missed deleting the teamviewer log. I have reason to suspect that teamviewer was used to give access to an outside party who actually perpetrated the fraud
I have the teamviewer log and would appreciate if anyone can possibly assist in reading it into plain english. The log is for the past month but the time we are interested in particularly is the period from 5th december to end of day on the 10th
What I would like to decipher if possible is - if during that period any remote sessions were initiated , how many sessions, time of creation and time of termination, it would help us immensely if anyone can assist with interpreting the logfile
The file exceeds the number of characters allowed so I have uploaded it to box - link below