RemComSvc Logs
Overview
Evidence: RemComSvc Logs
Description: Collect RemComSvc Logs
Category: Applications
Platform: windows
Short Name: rmcmsvcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
RemCom is a remote command execution tool (similar to PsExec) that maintains service logs tracking remote command executions and connections. The tool is used for remote administration but can be abused by attackers.
Data Collected
This collector gathers the RemComSvc log files themselves (raw files only; the platform does not parse them, as the "Is Parsed: No" field above indicates).
Collection Method
This collector gathers RemComSvc log files from the Windows system directories tracking remote command execution and service activity.
Forensic Value
RemCom logs are critical for investigating lateral movement, remote command execution, and privilege escalation. They reveal commands executed remotely, connection sources, and can identify attacker activity during post-exploitation phases.
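The collection step and the forensic value described above can be reproduced by hand on a single host. The PowerShell script below is an added triage example; it is not the collector's own code and does not reflect how the product locates files. It assumes, as the page does not state them, that the service is registered under the name RemComSvc in HKLM\SYSTEM\CurrentControlSet\Services and that the service's binary and log files carry the "RemComSvc" name somewhere under the Windows system directory ($env:SystemRoot). Windows System event ID 7045 (service installation) is a standard event and is used here to recover when the service was first installed, which is the usual indicator of the remote-administration or lateral-movement activity the page describes.

```powershell
# Added triage example: gather RemComSvc artifacts from a Windows host for
# offline analysis. Not part of the collector documentation.
# Assumptions (not stated on the page): service key name "RemComSvc" and
# file names matching "RemComSvc*" under $env:SystemRoot.
param(
    [string]$OutputDir = (Join-Path $env:TEMP 'remcomsvc-triage')
)

New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

# 1. Service registration: ImagePath tells you where the binary lives,
#    Start/Type tell you how it was configured.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemComSvc'
if (Test-Path $svcKey) {
    Get-ItemProperty -Path $svcKey |
        Select-Object ImagePath, Start, Type, DisplayName |
        Export-Csv -Path (Join-Path $OutputDir 'service.csv') -NoTypeInformation
}

# 2. Files named after the service in the Windows directory tree.
#    Record timestamps and hashes BEFORE copying so the inventory reflects
#    the original artifacts, then copy the files for preservation.
$files = Get-ChildItem -Path $env:SystemRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'RemComSvc*' }

$inventory = foreach ($f in $files) {
    [pscustomobject]@{
        Path     = $f.FullName
        Created  = $f.CreationTimeUtc
        Modified = $f.LastWriteTimeUtc
        Size     = $f.Length
        SHA256   = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
    Copy-Item -Path $f.FullName -Destination $OutputDir -Force -ErrorAction SilentlyContinue
}
$inventory | Export-Csv -Path (Join-Path $OutputDir 'file-inventory.csv') -NoTypeInformation

# 3. Service installation events (System log, ID 7045) that mention the
#    service. The TimeCreated value bounds when remote execution began.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'RemComSvc' } |
    Select-Object TimeCreated, Id, MachineName, Message |
    Export-Csv -Path (Join-Path $OutputDir 'service-install-events.csv') -NoTypeInformation

Write-Output "Artifacts written to $OutputDir"
```

Run it from an elevated prompt; reading the Services hive and the System event log, and walking $env:SystemRoot, all need administrator rights. Correlate the 7045 event time with the Created timestamps in file-inventory.csv: a service binary and its first log entries appearing within seconds of the install event is the pattern to expect for a remote push of the tool.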