AnyDesk Logs
Overview
Evidence: AnyDesk Logs
Description: Collect AnyDesk Logs
Category: Applications
Platform: linux
Short Name: adsl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
AnyDesk is a remote desktop application widely used for remote support and access. On Linux, it maintains trace logs of connections, sessions, file transfers, and activities in user home directories and system-wide locations, including custom deployment prefixes.
Data Collected
This collector gathers structured data about AnyDesk logs.
Collection Method
This collector gathers AnyDesk trace files from user home directories (.anydesk folders with optional custom prefixes), system logs in /var/log, and .config/AnyDesk/Logs directories.
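An added example (not the collector's own code) that sweeps the locations described above under a given root, such as a mounted disk image, and records a SHA-256 for each file found. The glob patterns, the `.trace` extension and the names `find_anydesk_logs` and `sha256_of` are assumptions made for this example, not taken from the product.

```python
import hashlib
from pathlib import Path

# Locations named in the Collection Method text, relative to the root being
# examined. The glob patterns and the .trace extension are assumptions.
HOME_PARENTS = ("home/*", "root")
PER_USER_GLOBS = (
    ".anydesk*/*.trace",       # ~/.anydesk and custom-prefix variants
    ".config/AnyDesk/Logs/*",  # per-user Logs directory
)
SYSTEM_GLOBS = ("var/log/anydesk*",)  # system-wide trace files


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large traces are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_anydesk_logs(root="/"):
    """Return one record per candidate log file found under root."""
    root = Path(root)
    patterns = list(SYSTEM_GLOBS)
    for parent in HOME_PARENTS:
        patterns += [f"{parent}/{g}" for g in PER_USER_GLOBS]
    records = []
    for pattern in patterns:
        for path in sorted(root.glob(pattern)):
            # Skip symlinked files; their targets may lie outside the root.
            if path.is_symlink() or not path.is_file():
                continue
            stat = path.stat()
            records.append({
                "path": str(path.relative_to(root)),
                "size": stat.st_size,
                "mtime": stat.st_mtime,
                "sha256": sha256_of(path),
            })
    return records


if __name__ == "__main__":
    import sys
    for rec in find_anydesk_logs(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(rec["sha256"], rec["size"], rec["path"])
```

Run it with read access to the home directories being examined, and hash before copying so the recorded digest reflects the file as found.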
Forensic Value
AnyDesk logs are critical for investigating unauthorized remote access, ransomware deployment, data exfiltration, lateral movement, and insider threats. They reveal connection times, remote IP addresses, file transfers, and session activities frequently involved in security incidents.