Analyzing network logs using Splunk

Now that we have the logs, it is high time we understood how to collect and analyze them from a network forensics perspective.

The tool of choice is Splunk. This is a very versatile tool (it also has a free version) that offers users the ability to collect log files from multiple sources, index and normalize the data within, then carry out an in-depth analysis to look for anomalies, prepare reports, and visualize the results. Let's take a look at it:

Splunk offers the facility to import and index data in a multitude of formats. This includes structured data, web services, network devices, Microsoft servers, application ...