Please guide me:
I have suspicions that someone other than people on my team has obtained the credentials to remotely access a Windows 2012R2 Server, and deleted important data. I need to get some evidence before I start pointing fingers or get everyone alerted that someone might be hacking our servers.
Can I get a log of all the computers that have remotely accessed my server (by remote access I mean using the remote desktop features of Windows server)? Ideally there should be some information about each computer, at least their public IP address