UltraVNC Logs
Overview
Evidence: UltraVNC Logs
Description: Collect UltraVNC Application Specific Log Files
Category: Applications
Platform: windows
Short Name: ultravnclgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
UltraVNC is an open-source remote desktop application that logs connection events, authentication attempts, and session activities. It’s commonly used for remote support and administration.
Data Collected
This collector gathers structured data about UltraVNC logs.
Collection Method
This collector gathers UltraVNC log files from ProgramData directories containing connection and session information.
Forensic Value
UltraVNC logs help identify remote desktop sessions, authentication attempts, and connection patterns. They’re valuable for investigating unauthorized remote access and lateral movement.