# TeamViewer Logs

## Overview

**Evidence:** Teamviewer Logs\
**Description:** Collect Teamviewer Connection Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** tml\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

TeamViewer is a widely used remote desktop and support software. It maintains extensive logs of connections, file transfers, and recent connections (MRU). Connection logs contain partner IDs, session times, and access details.

## Data Collected

This collector gathers structured data about TeamViewer logs.

## Collection Method

This collector gathers TeamViewer logs, connection text files, and MRU (Most Recently Used) connection history from both installation and user profile directories.

## Forensic Value

TeamViewer logs are critical for investigating unauthorized remote access, as the software is frequently abused by attackers for initial access and persistence. Logs reveal connection partners, session times, file transfers, and can link to specific TeamViewer IDs used by threat actors.
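Because this evidence is collected as files and not parsed, the analyst has to triage the connection text files by hand. The following is an added example, not part of the collector or the product: it parses incoming-connection entries and flags sessions from unknown partner IDs, outside working hours, or involving file transfer. The tab-separated column layout, the timestamp format, the connection-type values, and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample. Assumed layout (tab-separated): partner ID, partner name,
# start, end, local user, connection type, session GUID. Third row is malformed.
SAMPLE = (
    "111222333\tHELPDESK-01\t03-06-2024 09:15:02\t03-06-2024 09:42:10\talice\tRemoteControl\t{00000000-0000-0000-0000-000000000001}\n"
    "987654321\tDESKTOP-X\t04-06-2024 02:03:11\t04-06-2024 02:20:45\talice\tFileTransfer\t{00000000-0000-0000-0000-000000000002}\n"
    "truncated row with no tab separators\n"
)
FIELDS = ("partner_id", "partner_name", "start", "end", "local_user", "conn_type", "session_id")
TS_FORMAT = "%d-%m-%Y %H:%M:%S"  # assumed timestamp format, treated as UTC


def parse_connections(text):
    """Parse connection-log text into session dicts, skipping malformed rows."""
    sessions = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) < len(FIELDS):
            continue
        rec = dict(zip(FIELDS, cols))
        try:
            for key in ("start", "end"):
                rec[key] = datetime.strptime(rec[key], TS_FORMAT).replace(tzinfo=timezone.utc)
        except ValueError:
            continue  # skip rows whose timestamps do not parse
        rec["duration_s"] = int((rec["end"] - rec["start"]).total_seconds())
        sessions.append(rec)
    return sessions


def review(sessions, known_partners, work_hours=(8, 18)):
    """Return (session, reasons) pairs for sessions that merit analyst review."""
    findings = []
    for s in sessions:
        reasons = []
        if s["partner_id"] not in known_partners:
            reasons.append("unknown partner ID")
        if not work_hours[0] <= s["start"].hour < work_hours[1]:
            reasons.append("outside working hours (UTC)")
        if s["conn_type"] == "FileTransfer":  # assumed connection-type value
            reasons.append("file transfer")
        if reasons:
            findings.append((s, reasons))
    return findings


if __name__ == "__main__":
    for s, reasons in review(parse_connections(SAMPLE), known_partners={"111222333"}):
        print(s["start"].isoformat(), s["partner_id"], s["partner_name"], "; ".join(reasons))
```

Supply `known_partners` from the organization's own list of sanctioned support IDs, and adjust `work_hours` to the endpoint's time zone before relying on the off-hours flag.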
