Forum Discussion
Investigate the exported logs
Hi, I have exported timeline logs of the offboarded machine to investigate the unusual activity and it was almost 2 months ago. So now I need to investigate the logs of the machine and it is a littl...
Defender does offer troubleshooting mode which can also be used in tandem with network isolation. Will be easier to onboard the device and then run forensics. The device doesn’t necessarily need to be joined to the domain. Otherwise you are looking at running forensics locally on the device.
Thanks much.