anydesk.logs

$ target-query <path/to/target> -f anydesk.logs

Details

Module	dissect.target.plugins.apps.remoteaccess.anydesk.AnydeskPlugin
Output	records

Module documentation

Anydesk plugin.

Function documentation

Parse AnyDesk trace files.

AnyDesk is a remote desktop application and can be used by adversaries to get (persistent) access to a machine. Log files (.trace files) can be stored on various locations, based on target OS and client type. Timestamps in trace files do not carry a time zone designator (TZD) but are in fact UTC.

References:

• https://www.inversecos.com/2021/02/forensic-analysis-of-anydesk-logs.html

• https://support.anydesk.com/knowledge/trace-files#trace-file-locations