# AnyDesk Logs

## Overview

**Evidence:** AnyDesk Logs\
**Description:** Collect AnyDesk Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** nydskl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

AnyDesk is a widely-used remote desktop application frequently leveraged by both legitimate users and threat actors. It stores trace logs, configuration files, connection traces, and recorded sessions. The software is commonly abused for initial access and persistence in cyber attacks.

## Data Collected

This collector gathers structured data about anydesk logs.

## Collection Method

This collector gathers AnyDesk trace files, configuration files, connection trace logs, and recorded session files from user and system directories.

## Forensic Value

AnyDesk artifacts are critical for investigating unauthorized remote access, as the tool is frequently used in ransomware attacks, tech support scams, and remote access trojans. Logs reveal connection IDs, session times, file transfers, and can link to specific AnyDesk addresses used by attackers.