Network Forensics — Week 10
This session we learned about event log correlation and analysis. A Windows machine keeps several event logs, such as the Application, System and Security logs; the Security log records logon attempts and is the one most relevant when investigating an intrusion.
To view the event logs on Windows 10, search for 'Event Viewer'. Other Windows artefacts that are analysed alongside the event logs include:
Firewall
Recycle bin
IE browsing history
Shortcut files
Several log analysis tools can be used to collect and analyse these logs:
Commercial tools:
Retrace
Splunk
Logmatic
Logentries
Open source tools:
Logstash
Graylog
Graylog can analyse all of the logs once every server in the company forwards its logs to it. If one system is attacked, the attack can be investigated from the logs that were collected around that time. Every message Graylog stores carries the time it was generated and the host it came from, so events from many systems can be correlated on one timeline. This makes it easier to spot a brute-force attempt: it shows up as a burst of failed logons against one host from a single source within a short time, often followed by a successful logon from that same source.
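The correlation described above, as an added example that is not part of the original course notes and is not Graylog's own code. It runs the detection logic over a handful of constructed Windows Security log records (event ID 4625 is a failed logon and 4624 a successful one, which are real Windows event IDs; the flattened `key=value` line format, the host names, users and IP addresses are all invented for the example). Failed logons from one source are grouped into bursts, a burst of at least `threshold` attempts within `gap` of each other is flagged, and any successful logon from the same source shortly after the burst is attached to the alert; the threshold and time windows are assumptions a practitioner would tune for their environment.

```python
"""Brute-force detection and success correlation over Windows logon events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not captured from any real system. One record per line:
# ISO timestamp, then key=value fields as a collector might flatten them
# (event_id 4625 = failed logon, 4624 = successful logon; src is the client IP).
SAMPLE_LOG = """\
2020-12-07T10:00:01 host=DC01 event_id=4625 user=alice src=10.0.0.5
2020-12-07T10:00:03 host=DC01 event_id=4625 user=alice src=10.0.0.5
2020-12-07T10:00:04 host=DC01 event_id=4625 user=bob src=10.0.0.5
2020-12-07T10:00:06 host=DC01 event_id=4625 user=alice src=10.0.0.5
2020-12-07T10:00:08 host=DC01 event_id=4625 user=carol src=10.0.0.5
2020-12-07T10:00:09 host=DC01 event_id=4625 user=alice src=10.0.0.5
2020-12-07T10:00:12 host=DC01 event_id=4624 user=alice src=10.0.0.5
2020-12-07T10:05:00 host=FS01 event_id=4625 user=dave src=10.0.0.9
2020-12-07T10:30:00 host=FS01 event_id=4625 user=dave src=10.0.0.9
"""


def parse_line(line):
    """Parse one record into a dict; 'ts' becomes a datetime, 'event_id' an int."""
    ts, rest = line.split(" ", 1)
    rec = dict(kv.split("=", 1) for kv in rest.split())
    rec["ts"] = datetime.fromisoformat(ts)
    rec["event_id"] = int(rec["event_id"])
    return rec


def parse_log(text):
    """Parse all non-empty lines and return the records sorted by time."""
    records = [parse_line(l) for l in text.splitlines() if l.strip()]
    return sorted(records, key=lambda r: r["ts"])


def find_bruteforce(records, threshold=5, gap=timedelta(seconds=60)):
    """Flag each source IP whose failed logons form a burst of >= threshold.

    A burst is a run of 4625 events from one source where each event is
    within `gap` of the previous one (assumed tuning values, not a standard).
    """
    by_src = defaultdict(list)
    for r in records:
        if r["event_id"] == 4625:
            by_src[r["src"]].append(r)

    alerts = []
    for src, fails in by_src.items():
        bursts, current = [], [fails[0]]
        for f in fails[1:]:
            if f["ts"] - current[-1]["ts"] <= gap:
                current.append(f)
            else:
                bursts.append(current)
                current = [f]
        bursts.append(current)
        for burst in bursts:
            if len(burst) >= threshold:
                alerts.append({
                    "src": src,
                    "host": burst[0]["host"],
                    "first": burst[0]["ts"],
                    "last": burst[-1]["ts"],
                    "attempts": len(burst),
                    "users": sorted({f["user"] for f in burst}),
                    "success": [],
                })
    return alerts


def correlate_success(records, alerts, grace=timedelta(minutes=10)):
    """Attach 4624 events from the same source that fall inside or shortly
    after the burst; a success after many failures suggests the guess worked."""
    for a in alerts:
        for r in records:
            if (r["event_id"] == 4624 and r["src"] == a["src"]
                    and a["first"] <= r["ts"] <= a["last"] + grace):
                a["success"].append((r["ts"], r["user"]))
    return alerts


def analyse(text, threshold=5, gap=timedelta(seconds=60)):
    """Full pipeline: parse, detect bursts, correlate with successful logons."""
    records = parse_log(text)
    return correlate_success(records, find_bruteforce(records, threshold, gap))


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"{a['src']} -> {a['host']}: {a['attempts']} failed logons "
              f"between {a['first'].time()} and {a['last'].time()} "
              f"against {', '.join(a['users'])}")
        for ts, user in a["success"]:
            print(f"  followed by a successful logon as {user} at {ts.time()}")
```

On the sample data the two failures from 10.0.0.9 are 25 minutes apart and are not flagged, while 10.0.0.5 produces one alert covering six failures against three accounts and the successful logon as alice that follows. In Graylog the same idea is expressed as a search or alert rule over the stored messages, keyed on the source and time fields the paragraph above mentions; the grouping logic is what this example makes explicit.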
Tags: Network Forensic
This entry was posted on Monday, December 7th, 2020 at 10:30 am and is filed under Database System -- Semester 3, Ethical Hacking -- Semester 4, Intelligent System -- Semester 4, Network Forensic -- Semester 5, Uncategorized.