Skip to content
AIR Knowledge Base

AnyDesk Logs

Overview

Section titled “Overview”

Evidence: AnyDesk Logs
Description: Collect AnyDesk Logs
Category: Applications
Platform: macos
Short Name: adsl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Section titled “Background”

AnyDesk is a remote desktop application that maintains trace logs of connections, sessions, file transfers, and user activities. Logs are stored in both user-specific directories and system-wide locations, including custom deployment prefixes.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about anydesk logs.

Collection Method

Section titled “Collection Method”

This collector gathers AnyDesk trace files from user home directories (.anydesk folders with optional custom prefixes), system logs in /var/log, and Application Support directories.

Forensic Value

Section titled “Forensic Value”

AnyDesk logs are critical for investigating unauthorized remote access, data exfiltration, lateral movement, and insider threats. They reveal connection times, remote IP addresses, file transfers, and session activities often used in ransomware and data theft incidents.