Discovering the connection between logs and forensics

In the preceding section, we got a good understanding of what logs are like and the kind of data contained in them. I am sure that, like any good investigator, we have a gut feeling that these can be pretty important. Let's work towards discovering exactly why this is so.

As we saw in the previous section, a log entry reflects an event that occurred in an organization's network. A group of log entries makes up a log file. Many such log files are directly related to security, while others may contain only some entries specific to security-related matters. Security-related logs could be generated by anti-virus tools, firewalls, intrusion detection and prevention systems (IDPS), operating system, networking ...
