Teamviewer Logs
Overview
Evidence: Teamviewer Logs
Description: Collect Teamviewer Connection Logs
Category: Applications
Platform: windows
Short Name: tml
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
TeamViewer is a widely used remote desktop and support application. It maintains extensive logs of connections, file transfers, and recent connections (MRU). Connection logs contain partner IDs, session times, and access details.
Data Collected
This collector gathers structured data about TeamViewer logs.
Collection Method
This collector gathers TeamViewer logs, connection text files, and MRU (Most Recently Used) connection history from both installation and user profile directories.
Forensic Value
TeamViewer logs are critical for investigating unauthorized remote access, as the software is frequently abused by attackers for initial access and persistence. The logs reveal connection partners, session times, and file transfers, and can link activity to specific TeamViewer IDs used by threat actors.
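Because this evidence type is collected as files and not parsed (Is Parsed: No), the connection text files have to be read by the analyst. The following is an added example, not part of the original page or the product: it assumes the tab-separated layout commonly seen in TeamViewer's Connections_incoming.txt, and the field order, timestamp format, function names and sample records are assumptions constructed for illustration.

```python
from datetime import datetime
from typing import NamedTuple

# Assumed layout (not from the page): one session per line, tab-separated:
# partner ID, partner name, start, end, local user, connection type, session GUID
TS_FORMAT = "%d-%m-%Y %H:%M:%S"  # assumed timestamp format

class Session(NamedTuple):
    partner_id: str
    partner_name: str
    start: datetime
    end: datetime
    local_user: str
    conn_type: str
    session_id: str

    def minutes(self) -> float:  # session length in minutes
        return (self.end - self.start).total_seconds() / 60

def parse_connections(text):
    """Return (sessions, rejected); rejected keeps (line number, raw line)."""
    sessions, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("\t")]
        try:
            pid, name, start, end, user, ctype, sid = fields[:7]
            sessions.append(Session(pid, name, datetime.strptime(start, TS_FORMAT),
                                    datetime.strptime(end, TS_FORMAT), user, ctype, sid))
        except ValueError:  # truncated record or unparseable timestamp: keep for manual review
            rejected.append((lineno, line))
    return sessions, rejected

def unexpected_partners(sessions, known_ids):  # partner IDs not on the approved list
    return [s for s in sessions if s.partner_id not in known_ids]

def off_hours(sessions, first_hour=8, last_hour=18):  # started outside [first_hour, last_hour)
    return [s for s in sessions if not first_hour <= s.start.hour < last_hour]

# Constructed sample records, not taken from a real host.
SAMPLE = (
    "111111111\tHELPDESK-01\t14-03-2023 09:15:00\t14-03-2023 09:42:30\tjdoe\tRemoteControl\t{00000000-0000-0000-0000-000000000001}\n"
    "999999999\tWIN-EXAMPLE\t15-03-2023 02:07:10\t15-03-2023 03:37:10\tjdoe\tRemoteControl\t{00000000-0000-0000-0000-000000000002}\n"
    "222222222\tLAPTOP-EXAMPLE\t15-03-2023 11:00:00\n"  # truncated record
)

if __name__ == "__main__":
    parsed, bad = parse_connections(SAMPLE)
    print([s.partner_id for s in unexpected_partners(parsed, {"111111111"})], bad)
```

Timestamps are compared exactly as recorded, so confirm the log's time zone before correlating sessions with other evidence.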