This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in admin shares event records. Four different types of logs are covered, each containing different information for triage purposes.