https://github.com/thewhiteninja/ntfstool
NTFSTool is a forensic tool focused on NTFS volumes.
https://github.com/stuhli/awesome-event-ids
Windows RDP-Related Event Logs: Identification, Tracking, and Investigation
I debated back and forth on the best way to sort/group these. Ultimately, in truly pragmatic fashion, I figured it would likely be most useful to sort them in the (chronological) order in which you might expect to find them. Ergo, the flow/section breakup is the following:
Network Connection >-> Authentication >-> Logon >-> Session Disconnect/Reconnect >-> Logoff