AnyDesk Logs
Overview
Evidence: AnyDesk Logs
Description: Collect AnyDesk Logs
Category: Applications
Platform: windows
Short Name: nydskl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
AnyDesk is a widely used remote desktop application that both legitimate users and threat actors rely on. It stores trace logs, configuration files, connection traces, and recorded sessions. The software is commonly abused for initial access and persistence in cyber attacks.
Data Collected
This collector gathers structured data about AnyDesk logs.
Collection Method
This collector gathers AnyDesk trace files, configuration files, connection trace logs, and recorded session files from user and system directories.
Forensic Value
AnyDesk artifacts are critical for investigating unauthorized remote access, as the tool is frequently used in ransomware attacks, tech support scams, and remote access trojans. Logs reveal connection IDs, session times, file transfers, and can link to specific AnyDesk addresses used by attackers.
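As an added example (not part of the collector or of AnyDesk itself), the sketch below triages a collected connection trace log offline, grouping incoming sessions by remote AnyDesk ID with first and last seen times. The line layout, the auth result values, and the names `parse_connection_trace` and `summarize_incoming` are assumptions made for illustration; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Assumed layout of one connection trace line (not specified on this page):
#   <Incoming|Outgoing>  <YYYY-MM-DD, HH:MM>  <auth result>  <remote ID>  <remote ID/alias>
LINE_RE = re.compile(
    r"^(Incoming|Outgoing)\s+(\d{4}-\d{2}-\d{2}), (\d{2}:\d{2})\s+(\S+)\s+(\d+)\s+(\S+)$"
)

class Connection(NamedTuple):
    direction: str
    when: datetime
    auth: str
    remote_id: str

def parse_connection_trace(text):
    """Return (connections, unparsed); unparsed lines are kept for manual review."""
    connections, unparsed = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            if raw.strip():  # blank lines are ignored, anything else is preserved
                unparsed.append(raw)
            continue
        when = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%Y-%m-%d %H:%M")
        connections.append(Connection(m.group(1), when, m.group(4), m.group(5)))
    return connections, unparsed

def summarize_incoming(connections):
    """Group incoming sessions by remote ID: count, first/last seen, auth results."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None, "auth": set()})
    for c in (c for c in connections if c.direction == "Incoming"):
        s = summary[c.remote_id]
        s["count"] += 1
        s["first"] = c.when if s["first"] is None else min(s["first"], c.when)
        s["last"] = c.when if s["last"] is None else max(s["last"], c.when)
        s["auth"].add(c.auth)
    return dict(summary)

# Constructed sample data, not taken from a real host.
SAMPLE = """\
Incoming    2024-03-02, 01:14    Passwd    100000001    100000001
Incoming    2024-03-02, 03:47    Passwd    100000001    100000001
Outgoing    2024-03-01, 09:30    User      200000002    200000002
Incoming    2024-03-03, 22:05    REJECTED  300000003    300000003
this line is truncated
"""
```

Lines that do not match the assumed layout are returned separately rather than dropped, so a truncated or tampered entry still reaches the analyst.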