AnyDesk Logs

Overview

Evidence: AnyDesk Logs
Description: Collect AnyDesk Logs
Category: Applications
Platform: windows
Short Name: nydskl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

AnyDesk is a widely used remote desktop application that is frequently leveraged by both legitimate users and threat actors. It stores trace logs, configuration files, connection traces, and recorded sessions. The software is commonly abused for initial access and persistence in cyber attacks.

Data Collected

This collector gathers structured data about AnyDesk logs.

Collection Method

This collector gathers AnyDesk trace files, configuration files, connection trace logs, and recorded session files from user and system directories.

Forensic Value

AnyDesk artifacts are critical for investigating unauthorized remote access, as the tool is frequently used in ransomware attacks, tech support scams, and remote access trojans. Logs reveal connection IDs, session times, and file transfers, and can link activity to specific AnyDesk addresses used by attackers.
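
An added example, not part of the collector or the original page: Python that triages a collected connection trace file by remote AnyDesk ID. The line layout (direction, date and time, authorization type, remote ID repeated), the `User`/`Passwd`/`Token` values and the sample content are assumptions or constructed, so check them against the files actually collected.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout per line: direction, "YYYY-MM-DD, HH:MM", auth type, remote ID (twice).
LINE_RE = re.compile(
    r"^(?P<direction>\w+)\s+(?P<ts>\d{4}-\d{2}-\d{2}, \d{2}:\d{2})\s+"
    r"(?P<auth>\S+)\s+(?P<remote_id>\d+)\s+\d+$"
)
# Assumption: these auth types mean nobody at the keyboard approved the session.
UNATTENDED = {"Passwd", "Token"}

# Constructed sample content; the IDs and times are made up.
SAMPLE = """\
Incoming    2024-03-02, 09:14    User                              111222333    111222333
Incoming    2024-03-04, 23:51    Passwd                            444555666    444555666
this line is damaged and must not stop the parse
Incoming    2024-03-05, 00:07    Token                             444555666    444555666
"""

def parse_trace(text):
    """Return (records, skipped): parsed lines and the count of unparseable ones."""
    records, skipped = [], 0
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # keep a count so truncated or tampered logs are noticed
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d, %H:%M")
        records.append(rec)
    return records, skipped

def summarize_incoming(records):
    """Per remote ID: session count, first/last seen, auth types, unattended flag."""
    out = defaultdict(lambda: {"count": 0, "first": None, "last": None, "auth": set()})
    for r in (r for r in records if r["direction"] == "Incoming"):
        s = out[r["remote_id"]]
        s["count"] += 1
        s["first"] = min(s["first"] or r["ts"], r["ts"])
        s["last"] = max(s["last"] or r["ts"], r["ts"])
        s["auth"].add(r["auth"])
    for s in out.values():
        s["unattended"] = bool(s["auth"] & UNATTENDED)
    return dict(out)

if __name__ == "__main__":
    recs, bad = parse_trace(SAMPLE)
    print(summarize_incoming(recs), "skipped:", bad)
```

Remote IDs with unattended sessions outside working hours are a reasonable place to start correlating with other evidence from the same host.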
