Network Forensic Weekly Report

Week 10

This week, we learned about event log analysis and correlation. With this method, forensic investigators can find clues and activities that support their evidence for an incident.

In Windows 10, we can use ‘Event Viewer’, which is a convenient and readable way to view the event logs. The other types of logs are:
Recycle bin
Firewall
Set Up
IE browsing history
Shortcut files

The tools needed to analyze the logs above are:
Commercial tools:
Retrace
Splunk
Logmatic
Logentries

Open source tools:
Logstash
Graylog

Graylog can analyze all the logs once all of the company’s servers are connected to it. If one system is attacked, the attack can be investigated through the data it left in the logs. Graylog’s features provide the time and source of each log entry, which makes it easier to identify whether someone is trying to brute force their way into the system.
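As an added example (not code from the report or from Graylog), this is the kind of time-and-source correlation described above: counting failed logons per source inside a sliding time window and flagging sources that cross a threshold. It assumes a constructed, simplified line format of timestamp, source, message; real exported logs will need a different parser.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): "<ISO timestamp> <source> <message>".
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 Failed password for admin
2024-03-01T10:00:03Z 10.0.0.5 Failed password for admin
2024-03-01T10:00:04Z 10.0.0.9 Accepted password for alice
2024-03-01T10:00:06Z 10.0.0.5 Failed password for root
2024-03-01T10:00:07Z 10.0.0.5 Failed password for admin
2024-03-01T10:00:09Z 10.0.0.5 Failed password for admin
2024-03-01T10:05:00Z 10.0.0.7 Failed password for bob
2024-03-01T10:20:00Z 10.0.0.7 Failed password for bob
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source, message)."""
    ts, src, msg = line.split(" ", 2)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, msg


def find_bruteforce_sources(log_text, threshold=5, window_seconds=60):
    """Return {source: timestamp} for each source that produced at least
    `threshold` failed logons within any `window_seconds` span.

    The timestamp is the moment the threshold was first crossed, which is
    the point an investigator would start pulling surrounding events."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-source timestamps inside the window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, msg = parse_line(line)
        if "Failed password" not in msg:
            continue  # successful logons are not counted
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged
```

With the defaults only 10.0.0.5 is flagged; 10.0.0.7 has two failures fifteen minutes apart, which a wider window and lower threshold would also catch.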
