Microsoft has published a very useful reference (from a digital forensic point of view) by Andrei Miroshnikov.
This document contains:
• Detailed technical descriptions for most of the advanced security audit policies that are included with Windows 10.
• Monitoring recommendations for security events to include in advanced security audit policies.
• Recommendations for Group Policy settings for advanced security audit policy for domain controllers, workstations, and member servers.
[su_button url=”https://www.microsoft.com/en-us/download/details.aspx?id=52630″ target=”blank” style=”flat” background=”#222348″ size=”7″ radius=”0″]Download[/su_button]
