SSH auth.log
Look for auth logs cat /var/log/auth.log which will show the SSH logins into server. If you use public/private keys,
then you will know which key (so who) logged into a "shared" account (like root).
Data sources
-
Microsoft Teams user generated content
(
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\TeamsIndexedDB)